Re: [clamav-users] Software version from DNS: 0.103.11, but version is 1.3.0?

2024-03-07 Thread Matus UHLAR - fantomas via clamav-users

On 07.03.24 15:29, energynorman--- via clamav-users wrote:
hope all of you are well. I have a more cosmetic question. We used 
the last clam versions all above 1.03, but in our eMail report we 
still see:



Software version from DNS: 0.103.11


what is this "eMail report"?

On 07.03.24 18:19, energynorman--- via clamav-users wrote:
Thanks for your answer. And, no we do not have any further version 
installed. This happens on several systems.


Therefore our question.

Here is our research:


sudo dpkg -l | grep clam
ii  clamav 1.3.0-1 amd64    ClamAV open source email, web, and 
end-point anti-virus toolkit.


sudo which clamd
/usr/local/sbin/clamd


how did you install clamav?

the dpkg version should be installed in /usr/ not /usr/local/

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] Software version from DNS: 0.103.11, but version is 1.3.0?

2024-03-07 Thread Matus UHLAR - fantomas via clamav-users

On 07.03.24 15:29, energynorman--- via clamav-users wrote:
hope all of you are well. I have a more cosmetic question. We used the 
last clam versions all above 1.03, but in our eMail report we still 
see:



Software version from DNS: 0.103.11


0.103.11 is the LTS version


Last ClamAV update process started at Wed Mar  6 23:48:42 2024
Last Status:
   Current working dir is/var/lib/clamav/
   Querying current.cvd.clamav.net
   TTL: 81
   fc_dns_query_update_info: Software version from DNS: 0.103.11
   Current working dir is/var/lib/clamav/
   check_for_new_database_version: Local copy of daily found: daily.cld.
   query_remote_database_version: daily.cvd version from DNS: 27206
   daily.cld database is up-to-date (version: 27206, sigs: 2054298, f-level: 
90, builder: raynman)
   fc_update_database: daily.cld already up-to-date.
   Current working dir is/var/lib/clamav/
   check_for_new_database_version: Local copy of main found: main.cvd.
   query_remote_database_version: main.cvd version from DNS: 62
   main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, 
builder: sigmgr)
   fc_update_database: main.cvd already up-to-date.
   Current working dir is/var/lib/clamav/
   check_for_new_database_version: Local copy of bytecode found: bytecode.cld.
   query_remote_database_version: bytecode.cvd version from DNS: 335
   bytecode.cld database is up-to-date (version: 335, sigs: 86, f-level: 90, 
builder: raynman)
   fc_update_database: bytecode.cld already up-to-date.


we use 1.3.0:

clamscan --version

ClamAV 1.3.0/27207/Thu Mar  7 10:27:12 2024


1.3.0 is the newest version, not LTS.


Is there a reason for this?


you may have multiple clamav versions installed on your system.
Which you shouldn't have.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.
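
The check both replies in this thread point at (a package install under /usr next to a second copy under /usr/local), as an added example that is not part of the original messages. The function names and the tool list are illustrative assumptions, and `dpkg -S` is only consulted where dpkg exists.

```shell
#!/bin/sh
# Added example (not from the thread): locate every ClamAV executable in a
# set of directories and flag tools that exist in more than one place.
# Function names and the tool list are illustrative assumptions.

CLAM_TOOLS="clamd clamscan clamdscan freshclam clamav-milter"
TAB=$(printf '\t')

# find_clam_binaries DIR...
# Prints "tool<TAB>path" for each executable ClamAV tool found.
# Directories are canonicalised first so that /sbin -> /usr/sbin style
# symlinks (merged-/usr systems) are not counted as a second install.
find_clam_binaries() {
    seen=""
    for dir in "$@"; do
        real=$(cd "$dir" 2>/dev/null && pwd -P) || continue
        case ":$seen:" in *":$real:"*) continue ;; esac
        seen="$seen:$real"
        for tool in $CLAM_TOOLS; do
            if [ -f "$real/$tool" ] && [ -x "$real/$tool" ]; then
                printf '%s\t%s\n' "$tool" "$real/$tool"
            fi
        done
    done
}

# duplicated_tools DIR...
# Prints the name of every tool that is installed in more than one directory.
duplicated_tools() {
    find_clam_binaries "$@" | cut -f1 | sort | uniq -d
}

# owner_of PATH
# Prints the dpkg package that owns PATH, "unpackaged" if none does,
# or "unknown" on systems without dpkg.
owner_of() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$1" 2>/dev/null | cut -d: -f1 | head -n1 | grep . \
            || echo unpackaged
    else
        echo unknown
    fi
}

# clam_install_report DIR...
# One line per binary: tool, path, first line of --version, owning package.
clam_install_report() {
    find_clam_binaries "$@" | while IFS="$TAB" read -r tool path; do
        ver=$("$path" --version 2>/dev/null | head -n1) || ver=""
        printf '%-14s %-30s %s [%s]\n' \
            "$tool" "$path" "${ver:-version unknown}" "$(owner_of "$path")"
    done
    dups=$(duplicated_tools "$@")
    if [ -n "$dups" ]; then
        # $dups is left unquoted on purpose to print the names on one line
        echo "WARNING: installed in more than one location:" $dups
    fi
}

# Default to the package and local-build locations mentioned in the thread.
if [ "$#" -gt 0 ]; then
    clam_install_report "$@"
else
    clam_install_report /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
fi
```

A binary reported as "unpackaged" under /usr/local next to a packaged one under /usr is the situation described above: the service and the command line may be running different versions.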


Re: [clamav-users] Need help with clamd on Ubuntu

2024-01-08 Thread Matus UHLAR - fantomas

On 08.01.24 20:41, Marisa Giancarla via clamav-users wrote:
Hello. I am trying to get a fresh install of clamav working on Ubuntu 
20.04 and I am having issues when starting clamd. When I try and start 
it, it comes up for maybe 5 secs then shuts itself down.


what do logs say?


Anyone have any suggestions?


how much RAM do you have?
clamav needs more than 1GB to work.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!


Re: [clamav-users] clamav now has a tempfail?

2023-11-23 Thread Matus UHLAR - fantomas

On 23.11.23 15:06, Postmaster via clamav-users wrote:

Running ClamAV 1.0.1/27101 on AlmaLinux release 8.8 with sendmail 8.15.2-34.el8
I have extra milters: opendkim, mimedefang

I see this in my maillog:

Nov 23 14:55:16 korolev sendmail[870567]: 3AN3tFIF870567: Milter add: header: 
X-Scanned-By: MIMEDefang 3.4.1 on 101.0.105.104
Nov 23 14:55:16 korolev sendmail[870567]: 3AN3tFIF870567: milter=clamav, 
action=header, tempfail
Nov 23 14:55:16 korolev sendmail[870567]: 3AN3tFIF870567: Milter (opendkim): 
abort filter
Nov 23 14:55:16 korolev sendmail[870567]: 3AN3tFIF870567: Milter: data, 
reject=451 4.3.2 Please try again later

which seems to indicate clamav is doing a tempfail.

Is this correct?


no, it's the clamav-milter instructing sendmail to defer the e-mail.
this feature has been in clamav-milter for years, perhaps since it exists.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are


Re: [clamav-users] I am unable to access clamav.net

2023-09-04 Thread Matus UHLAR - fantomas

On 02.09.23 17:04, Victor Sizov via clamav-users wrote:
>Perhaps my Ubuntu computer is infected with a virus that redirects
>html requests to "iyfbodn.com". To test it, I installed clamav (sudo
>apt install clamav clamav-daemon). When I updated it (sudo freshclam)
>I got the message:
>
>...
>Sat Sep 2 10:13:18 2023 -> DON'T PANIC! Read
>https://docs.clamav.net/manual/Installing.html
>Sat Sep 2 10:13:18 2023 -> ^FreshClam previously received error code
>429 or 403 from the ClamAV Content Delivery Network (CDN).
>Sat Sep 2 10:13:18 2023 -> This means that you have been rate limited
>or blocked by the CDN.



On Sat, Sep 2, 2023 at 6:02 PM Matus UHLAR - fantomas  wrote:

Which clamav version do you have? versions older than 0.103 are not
supported.


On 03.09.23 22:36, Victor Sizov via clamav-users wrote:

I have 0.103.9 version.


this is new enough.


> >When I open https://docs.clamav.net in a browser, I get a message
> >about blocking in cloudflare:
> >
> >Cloudflare Ray ID: 8005341f1fbc9daa • Your IP: 91.77.160.250


This ray ID could tell clamav people what to look for.


I cannot use my browser (Firefox 117 64 bit) because cloudflare blocks
my access to clamav.net.




>2) Could you advise me how to make sure the presence/absence of a
>redirect to "iyfbodn.com"?

sorry, looks like a real virus targeting browsers.
Can you try searching from other computer?


Yes, i tried installing clamav on another computer in my local network
and got the same errors when running freshclam and clamscan.



If you have clamav running on multiple computers in your network and if they 
sit on a single IP behind NAT, this may be the reason why you are getting 
denied.


You may need to set up a local clamav database mirror not to overload clamav 
network with repeated requests for databases.


https://github.com/Cisco-Talos/cvdupdate

https://packages.ubuntu.com/search?keywords=cvdupdate




sizov@ironUbuntu:~$ sudo freshclam
Sun Sep  3 22:20:23 2023 -> ClamAV update process started at Sun Sep
3 22:20:23 2023
Sun Sep  3 22:20:23 2023 -> ^Your ClamAV installation is OUTDATED!
Sun Sep  3 22:20:23 2023 -> ^Local version: 0.103.9 Recommended
version: 0.103.10
Sun Sep  3 22:20:23 2023 -> DON'T PANIC! Read
https://docs.clamav.net/manual/Installing.html
Sun Sep  3 22:20:23 2023 -> ^FreshClam previously received error code
429 or 403 from the ClamAV Content Delivery Network (CDN).
Sun Sep  3 22:20:23 2023 -> This means that you have been rate limited
or blocked by the CDN.




clamscan error:
sizov@ironUbuntu:~$ sudo clamscan .
LibClamAV Error: cli_loaddbdir(): No supported database files found in
/var/lib/clamav
ERROR: Can't open file or directory


This says there's no database loaded on that machine, apparently because of 
being blocked.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.


Re: [clamav-users] Freshclam version 1.0.2 warnings

2023-09-03 Thread Matus UHLAR - fantomas

On 02.09.23 22:32, Jorge Bastos wrote:

Since version 1.0.2 I'm having this information on freshclam update, in 
previous 1.0.0 it was not happening.
Any idea how to solve it, or it's something that has an ongoing fix?
Sat Sep  2 21:25:12 2023 -> Received signal: wake up
Sat Sep  2 21:25:13 2023 -> ClamAV update process started at Sat Sep  2 
21:25:13 2023
Sat Sep  2 21:25:13 2023 -> daily.cld database is up-to-date (version: 27019, 
sigs: 2040213, f-level: 90, builder: raynman)
Sat Sep  2 21:25:13 2023 -> main.cvd database is up-to-date (version: 62, sigs: 
6647427, f-level: 90, builder: sigmgr)
Sat Sep  2 21:25:13 2023 -> bytecode.cvd database is up-to-date (version: 334, 
sigs: 91, f-level: 90, builder: anvilleg)
Sat Sep  2 21:25:14 2023 -> WARNING:  *** RESULT 304, SIZE: 0 ***
Sat Sep  2 21:25:14 2023 -> malware.expert.ndb is up-to-date (version: custom 
database)


HTTP code 304 means "not modified" which means your files are accurate.

I have no idea why that produces warning, it should be treated as OK state, 
possibly INFO message...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.


Re: [clamav-users] I am unable to access clamav.net

2023-09-02 Thread Matus UHLAR - fantomas

On 02.09.23 17:04, Victor Sizov via clamav-users wrote:

Perhaps my Ubuntu computer is infected with a virus that redirects
html requests to "iyfbodn.com". To test it, I installed clamav (sudo
apt install clamav clamav-daemon). When I updated it (sudo freshclam)
I got the message:

...
Sat Sep 2 10:13:18 2023 -> DON'T PANIC! Read
https://docs.clamav.net/manual/Installing.html
Sat Sep 2 10:13:18 2023 -> ^FreshClam previously received error code
429 or 403 from the ClamAV Content Delivery Network (CDN).
Sat Sep 2 10:13:18 2023 -> This means that you have been rate limited
or blocked by the CDN.
Sat Sep 2 10:13:18 2023 -> 1. Verify that you're running a supported
ClamAV version.
Sat Sep 2 10:13:18 2023 -> See
https://docs.clamav.net/faq/faq-eol.html for details.


Which clamav version do you have? versions older than 0.103 are not 
supported.



...
I launched
curl -IL docs.clamav.net
and received:

HTTP/1.1 403 Forbidden
Date: Sat, 02 Sep 2023 07:19:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Sat, 02 Sep 2023 07:19:30 GMT
Set-Cookie: 
__cf_bm=1MZmm2EcWi6S8fOiuha9zoaXngA5e44ph5LO2aXJchA-1693639155-0-AS7aYuYw1QJSTpioxNW76blxkMJKz2kTfvsaiUlH/kP9Z0sLbeMcLKgyf42ANBRqndUJQx
2dXrePUzX9Aj+RnvA=; path=/; expires=Sat, 02-Sep-23 07:49:15 GMT;
domain=.clamav.net; HttpOnly; SameSite=None
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8003fbd3bbe89d6d-DME

When I open https://docs.clamav.net in a browser, I get a message
about blocking in Cloudflare:

Cloudflare Ray ID: 8005341f1fbc9daa • Your IP: 91.77.160.250

1) How I can resolve this to get last clamav updates?


clamav web and virus DB are protected from automated fetching. You need 
a browser or freshclam new enough.



2) Could you advise me how to make sure the presence/absence of a
redirect to "iyfbodn.com"?


sorry, looks like a real virus targeting browsers.
Can you try searching from other computer?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.


Re: [clamav-users] QNAP NAS virus definition updates.

2023-08-25 Thread Matus UHLAR - fantomas

On 25.08.23 14:29, Thomas ONeill via clamav-users wrote:

I was wondering if anyone knows the ports or IP addresses that my QNAP NAS
reaches out to in order to receive definition updates. I have locked down
my firewall but would like to allow the automatic updates.


which QNAP NAS do you have?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors


Re: [clamav-users] Scanning blocked during database reload

2023-07-13 Thread Matus UHLAR - fantomas

On 13.07.23 15:53, Michał Smyczyński via clamav-users wrote:
I have noticed the blocking of clamd scanning during database reload in 
clamav 1.1.0 and 0.105.2, exactly as it had happened in the earlier 
versions, prior to 0.103 as if the concurrent database reload feature did 
not properly work. I have also explicitly added ConcurrentDatabaseReload 
yes directive in clamd.conf but with no luck.



Thu Jul 13 15:19:30 2023 -> Reading databases from /var/lib/clamav
Thu Jul 13 15:20:24 2023 -> Database correctly reloaded (9536284 signatures)
Thu Jul 13 15:20:24 2023 -> Activating the newly loaded database...
Thu Jul 13 15:25:36 2023 -> Client disconnected (FD 10)
Thu Jul 13 15:25:36 2023 -> Client disconnected (FD 11)
Thu Jul 13 15:25:36 2023 -> Client disconnected (FD 12)


And the scanning is blocked for 5 minutes after the database is activated.  
I kindly appreciate the possibility of further investigation/diagnostics.  


check if you didn't disable ConcurrentDatabaseReload in clamd.conf

if it's enabled (by default), it allows scanning  during database reload, 
but clamd uses twice as much RAM (can exceed 3G) during that time.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.


Re: [clamav-users] Now i know what is the problem!

2023-05-06 Thread Matus UHLAR - fantomas

On 06.05.23 16:14, newcomer01 via clamav-users wrote:

now i know what the problem is with clamscan (see text below in quote).
Strangely enough, with the same .eml files, all scans went through yesterday 
without any problems.
Today the very first scan caused clamscan to hang again, it just stopped 
scanning.

For whatever reason, this happens when a mail is only a few kb in size but has 
absolutely no content, I opened the affected mail with every text editor, and 
it was empty in all of them.

Why this mail is empty from yesterday to today I don't know.
Here one would have to investigate and build in additional error handling.
The process just hung, with no error message or log.


Do you have that file available somewhere so we can check?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm


Re: [clamav-users] dry run freshclam

2023-05-02 Thread Matus UHLAR - fantomas

On 01.05.23 10:34, Marc wrote:
this freshclam needs to have something like a --dry-run or so.  Super 
annoying if you test with something like proxy auth and you are constantly 
having this cdn throttling.


what should it do? Just parse the config file?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer


Re: [clamav-users] run freshclam without notifying clamd

2023-05-01 Thread Matus UHLAR - fantomas

On 30.04.23 15:56, Marc wrote:
It is building now, although I am still getting an error. What I do not 
get is the design change behind this. Normally I could install only 
freshclam, and without doing anything download the current databases for 
the container.


Now I have to create a clamd.conf file[1] and am getting all kinds of errors. 
Either freshclam is part of the clamav-daemon clamav-db clamav packages or 
not. If it is not, there should not be a dependency on a file included in an 
external package. What kind of logic is this? Why even change something 
that was good ...


ERROR: Missing argument for option at /etc/clamav/clamd.conf:2
ERROR: NotifyClamd: Can't find or parse configuration file 
/etc/clamav/clamd.conf

[1]
/etc/clamav # cat /etc/clamav/clamd.conf

[freshclam.conf]


this clamd.conf is malformed. freshclam uses real clamd.conf not just random 
file.


you can leave database checking to clamd itself, you don't have to 
explicitly notify it. See the clamd docs, option SelfCheck.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer


Re: [clamav-users] unsuscribe

2023-04-25 Thread Matus UHLAR - fantomas

On 25.04.23 17:14, Gilles Mioni wrote:

unsuscribe


does not work like this.


___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


read here 


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.


Re: [clamav-users] Freshclam to not write to syslog?

2023-04-04 Thread Matus UHLAR - fantomas

On 04.04.23 15:41, Brent Clark via clamav-users wrote:
Is it possible to get Freshclam to not write to syslog (want all 
logging to /var/log/clamav/freshclam.log )?


Currently I have the following in my freshclam conf file.

UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose no (also tried false)
LogSyslog no (also tried false)
LogFacility LOG_MAIL
Debug false


Did you restart freshclam after you configured this?
Are you sure freshclam uses this config file?


Is my understanding correct that it is not possible to not write to syslog?


no.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS$\*.*


Re: [clamav-users] ClamAV critical vulnerability

2023-03-02 Thread Matus UHLAR - fantomas

On 02.03.23 13:27, Michael Kyriacou via clamav-users wrote:

Does anybody know if the 0.104.2 version of clamav for AIX addresses
CVE-2023-20032?


https://lists.clamav.net/pipermail/clamav-announce/2023/70.html

ClamAV 0.104 has reached end-of-life according to the ClamAV End of Life 
(EOL) policy<https://docs.clamav.net/faq/faq-eol.html> and will not be 
patched.  Anyone using ClamAV 0.104 must switch to a supported version.
All users should update as soon as possible to patch for two remote code 
execution vulnerabilities that we recently discovered and patched.



I’m confused on the 3 different types of versions that they state it affects

1.0.0 and earlier
0.105.1 and earlier
0.103.7 and earlier



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.


Re: [clamav-users] about ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-27 Thread Matus UHLAR - fantomas

On 28.02.23 12:41, takahiro suzuki via clamav-users wrote:

Does the information in the following URL affect even if the NAS file
system is BTRFS?


since the patches only mention DMS files and HFS+ files, I don't see any 
reason they should affect BTRFS filesystems.



Will it be affected even if the client uses HFS or dmg?
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html


It does not matter what the client uses. ClamAV will scan files as you pass 
them to ClamAV.


ClamAV can scan filesystem images, unpack those filesystem images and scan 
files within those filesystems.


This is where bugs were fixed - those images were parsed incorrectly which 
causes the mentioned bugs.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.


Re: [clamav-users] ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

2023-02-21 Thread Matus UHLAR - fantomas

On Mon, 20 Feb 2023 14:11:10 +0200
Brent Clark via clamav-users  wrote:

Anyone on Debian Buster and Bullseye?

How serious is this?
Does anyone have any suggestions? Cause there are no packages available.

If anyone can share their thoughts / experiences.


the packages for clamav 0.103.8 are now available on debian buster and 
bullseye:


https://tracker.debian.org/pkg/clamav

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.


Re: [clamav-users] Strange Problem when trying update after reboot (Ubuntu 22.04.1 ClamAV 0.103.6)

2023-02-16 Thread Matus UHLAR - fantomas
            # default value for libs update std - 2
            LIBS_UPD_STD="2"

            # default value for libs uli std - 5
            LIBS_ULI_STD="5"

            # trigger update - 1 or 0
            START_FRESHCLAM="0"

            # set value for network connection - 0 not available, 1 available
            NETZWERK_VORHANDEN="0"

        fi


and only when "$NETZWERK_VORHANDEN" -eq "1" (NETZWERK_VORHANDEN is German = 
NETWORK_AVAILABLE) I start update (what is this time), but it seems that 
clamav CDN have a problem in case.
But why?
My code checks if dns from current.cvd.clamav.net is available and starts, but 
freshclam says can't resolve host name.

kind regards
Marc


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759


Re: [clamav-users] about ”Can't allocate memory ERROR”

2023-02-16 Thread Matus UHLAR - fantomas

On 16.02.23 21:41, Tsutomu Oyamada wrote:

I also tried it with ClamAV 0.104.2.
I got an error as well.

# clamscan /home/cecuser/lwiservice.exe
Loading:20s, ETA:   0s [>]8.65M/8.65M sigs
Compiling:   5s, ETA:   0s [>]   41/41 tasks

calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (66256128 bytes).
calloc_problem: Not enough space
LibClamAV Error: cli_calloc(): Can't allocate memory (66256128 bytes).
LibClamAV Error: cli_ac_init: Can't allocate memory for 
data->lsigsuboff_(last|first)[0]
/home/cecuser/lwiservice.exe: Can't allocate memory ERROR



ClamAV 0.104.2/26814/Thu Feb 16 03:40:04 2023

After all, isn't something wrong?



you seem not to have enough memory on your system.
How much RAM do you have and how much is used?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton


Re: [clamav-users] Freshclam Proxy Password

2023-02-15 Thread Matus UHLAR - fantomas

On 15.02.23 08:26, Jorge Elissalde via clamav-users wrote:

Freshclam Proxy Password is stored as plain text in Freshclam.conf file.

HTTPProxyPassword myownpassword

Any user is able to read that password.
Is there a chance to store that password encrypted or in another place?


It should be safe to set permissions to freshclam.conf only to be readable 
for owner, maybe group, depending on your system:


-r--r--r-- 1 clamav adm 715 Apr 24  2021 /etc/clamav/freshclam.conf
% ps axuww | grep resh
clamav    2646  0.0  0.0  66864  6380 ?        Ss   Jan30   0:19 /usr/bin/freshclam -d --quiet --config-file=/etc/clamav/freshclam.conf --pid=/run/clamav/freshclam.pid

Here, permissions 0400 would be enough.

debian (and so I guess ubuntu) seems to do that automatically if password 
is set:


if [ -f "$FRESHCLAMCONFFILE" ] && [ ! -L "$FRESHCLAMCONFFILE" ]; then
  # Tighten the permissions up if it contains a password
  if [ -n "$ppass" ]; then
    chmod 400 $FRESHCLAMCONFFILE
  else
    chmod 444 $FRESHCLAMCONFFILE
  fi

  chown "$dbowner":adm $FRESHCLAMCONFFILE
fi

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
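
A way to check an existing host for the condition discussed in this message, as an added example that is not part of the original post or of the Debian packaging script. The function names and status strings are illustrative assumptions; the default path is the one shown in the listing above, and the password value itself is never printed.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a freshclam.conf that
# contains a proxy password can be read by users other than its owner.
# Function names and status strings are illustrative assumptions.

# has_proxy_password FILE
# True if FILE has an uncommented HTTPProxyPassword line with a value.
# Matching is case-insensitive so that a mis-cased line still counts as
# a stored secret.
has_proxy_password() {
    grep -Eiq '^[[:space:]]*HTTPProxyPassword[[:space:]]+[^[:space:]]' "$1"
}

# audit_freshclam_conf FILE
# Prints exactly one of:
#   missing         FILE does not exist
#   no-password     no active HTTPProxyPassword line, nothing to protect
#   world-readable  password present and "other" has read permission
#   group-readable  password present, readable by owner and group only
#   owner-only      password present, readable by the owner only
audit_freshclam_conf() {
    conf=$1
    [ -f "$conf" ] || { echo missing; return 0; }
    has_proxy_password "$conf" || { echo no-password; return 0; }

    # Mode string from ls, e.g. "-r--r--r--"; -L follows a symlinked config.
    # Column 5 is the group read bit, column 8 the other read bit.
    perms=$(ls -ldL "$conf" | cut -c1-10)
    group_r=$(printf '%s' "$perms" | cut -c5)
    other_r=$(printf '%s' "$perms" | cut -c8)

    if [ "$other_r" = "r" ]; then
        echo world-readable
    elif [ "$group_r" = "r" ]; then
        echo group-readable
    else
        echo owner-only
    fi
}

# Stand-alone use: audit the file given as the first argument, or the
# path shown in the listing above.
audit_freshclam_conf "${1:-/etc/clamav/freshclam.conf}"
```

On the listing quoted above (mode `-r--r--r--`) this reports `world-readable` if a password is set; after `chmod 400` it reports `owner-only`.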


Re: [clamav-users] freshclam: Verification: Can't verify database integrity

2023-02-06 Thread Matus UHLAR - fantomas
It's a Debian issue.  I haven't figured it out yet as nothing changed 
that seems like a likely source.  In the meantime, the 0.103.7 package in 
Stable works on Testing/Unstable, so you can use that


On 06.02.23 16:00, grin via clamav-users wrote:
The problem seems to be caused by `libtfm1` library, more precisely v0.13, 
or anything before 0.13.1-1.  Upgrading that fixes the issue.


good to know.


As a sidenote: the mirror network happily blocks freshclam for a day due to rate 
limiting, no matter what's in the freshclam config. It is rather hard to resolve 
since it is not possible to download the database files manually anymore (I had 
to realise that the hard way.)


don't you run multiple clients behind the same IP address?
If so, set up private mirror. The clamav network was abused by multiple 
clients downloading whole databases too often, so quite drastic measures 
were set up.



I'm not subscribed but maybe mods will let this through:


sending private copy.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are


Re: [clamav-users] basic question: clamscan

2023-01-30 Thread Matus UHLAR - fantomas

On 30.01.23 11:14, newcomer01 via clamav-users wrote:
basic question: with clamscan is it better to work with --include-dir or 
with --exclude-dir?


generally I recommend only include directories you need to scan and 
optionally exclude their subdirectories that don't need to be scanned.


you should avoid scanning everything, because there are many files you 
should not scan, especially on UN*X systems there are filesystems like /dev 
/proc /sys etc.


so, scanning /home should be safe.  You may want to exclude e.g.  
/home/backups if you put backups there


My clamscan scans my whole PC extremely slow or should 
I set the process priority high?


priority won't help. You need at least 2GB of RAM and enough of time.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease


Re: [clamav-users] Errors after using clamdscan

2023-01-12 Thread Matus UHLAR - fantomas

On 12.01.23 18:34, Antonio Galdieri via clamav-users wrote:

We are trying to use the clamdscan command with a script that sends us the
results of the scan via mail, problem is, whenever we try to use the script
we get the errors that you can see in the picture I attached.



On Jan 12, 2023, at 11:19, Matus UHLAR - fantomas  wrote:
So, you get error in textual form and do a screenshot?
even if the errors are in e-mail you could copy and paste from?


On 12.01.23 11:22, Joel Esler via clamav-users wrote:

Here you go:

/sys/fs/xfs/dm-5/error/metadata/EIO/max retries: Can't read file ERROR


I have answered further in the mail - /sys is not filesystem that should be 
scanned.


special filesystems like /proc /sys /dev should not be scanned, errors are 
the least problem that can happen.


I was just wondering why would someone post a picture of text file...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?


Re: [clamav-users] Errors after using clamdscan

2023-01-12 Thread Matus UHLAR - fantomas

On 12.01.23 18:34, Antonio Galdieri via clamav-users wrote:

We are trying to use the clamdscan command with a script that sends us the
results of the scan via mail, problem is, whenever we try to use the script
we get the errors that you can see in the picture I attached.


So, you get error in textual form and do a screenshot?
even if the errors are in e-mail you could copy and paste from?


Is this kind of error normal? Is there any parameters that we can add to
fix this issue?


you should NOT scan /sys filesystem. It's special filesystem, it's not to be 
scanned via clamav or other AV.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
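
Added example, not part of the original posts: one way to apply the advice in this thread and in the "basic question: clamscan" reply to keep /proc, /sys and /dev out of a scan. It derives `--exclude-dir` options for clamscan and `ExcludePath` lines for clamd.conf from a mount table; the filesystem-type list, the function names and the sample mount table are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: build scanner exclusions for pseudo-filesystems from a mount table.
# The type list, function names and sample data are assumptions for this example.

# Filesystem types that expose kernel or device state instead of stored files.
PSEUDO_FS="proc sysfs devtmpfs devpts cgroup cgroup2 securityfs debugfs tracefs pstore configfs"

# Constructed sample in /proc/mounts format (device, mount point, type, options, ...).
sample_mounts() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
udev /dev devtmpfs rw,nosuid 0 0
devpts /dev/pts devpts rw,nosuid,noexec 0 0
/dev/sda1 / ext4 rw,relatime 0 0
securityfs /sys/kernel/security securityfs rw 0 0
cgroup2 /sys/fs/cgroup cgroup2 rw 0 0
/dev/sdb1 /home ext4 rw,relatime 0 0
EOF
}

# pseudo_mounts [MOUNTS_FILE]
# Prints the mount points of pseudo-filesystems, one per line, and drops any
# that lie below one already listed (/sys/fs/cgroup is covered by /sys).
pseudo_mounts() {
    awk -v types="$PSEUDO_FS" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        ($3 in want) { print $2 }
    ' "${1:-/proc/mounts}" | LC_ALL=C sort -u | awk '
        {
            for (i = 1; i <= kept; i++)
                if (index($0, top[i] "/") == 1) next
            top[++kept] = $0
            print
        }
    '
}

# regex_escape STRING: escape regex metacharacters so a path matches literally.
regex_escape() {
    printf '%s\n' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# clamscan_excludes [MOUNTS_FILE]: one --exclude-dir=REGEX option per line.
clamscan_excludes() {
    pseudo_mounts "${1:-}" | while IFS= read -r mp; do
        printf '%s\n' "--exclude-dir=^$(regex_escape "$mp")"
    done
}

# clamd_excludes [MOUNTS_FILE]: ExcludePath lines for clamd.conf, which is
# where exclusions for clamdscan are configured.
clamd_excludes() {
    pseudo_mounts "${1:-}" | while IFS= read -r mp; do
        printf '%s\n' "ExcludePath ^$(regex_escape "$mp")/"
    done
}

# Usage: sh excludes.sh /proc/mounts   (prints ExcludePath lines)
if [ "$#" -ge 1 ]; then
    clamd_excludes "$1"
fi
```

A pattern such as `^/dev` also matches a sibling directory like `/devel`, so tighten it if such a directory exists and must be scanned.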


Re: [clamav-users] Anyone else having trouble reaching the ClamAV website?

2023-01-05 Thread Matus UHLAR - fantomas

On 05.01.23 10:18, Kris Deugau wrote:
I went to load a semi-bookmarked page for signature writing 
(https://docs.clamav.net/manual/Signatures.html), but it failed and 
kept reloading Cloudflare's "security check" voodoo.


I often get this result with seamonkey browser.
firefox is usually OK.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod


Re: [clamav-users] freshclam: Verification: Can't verify database integrity

2022-12-26 Thread Matus UHLAR - fantomas

On 25.12.22 16:16, Jim Popovitch via clamav-users wrote:

What the heck could be causing freshclam verification problems for the
past 2 days?  I'm getting rate-limited over and over because freshclam
fails to verify daily.cvd (and then retries over and over).  Is there a
known problem with daily.cvd downloads being corrupt?  Google says to
"wget http://database.clamav.net/daily.cvd" but that no longer works.
What should I be doing differently?




~$ grep freshclam /var/log/syslog
Dec 25 18:29:29 mx3 freshclam[1013]: freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022
Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022


this looks like you are running two concurrent update processes.
This may or may not cause the problem.


Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN.
Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN.


do you have single dedicated IP address for this server?


DatabaseOwner clamav
DatabaseDirectory /var/lib/clamav


does the freshclam process run with permissions required to update the 
/var/lib/clamav directory? 
is it all owned by clamav user?



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.


Re: [clamav-users] prolem with freshclam when no sudo user is logged in the system

2022-12-26 Thread Matus UHLAR - fantomas

On 26.12.22 13:46, newcomer01 via clamav-users wrote:

now I have a small problem with freshclam, when I run a freshclam query on 
@reboot with user cronjob (/var/spool/cron/cronjobs/USERNAME):

Mon Dec 26 13:18:24 2022 -> --
Mon Dec 26 13:18:24 2022 -> ClamAV update process started at Mon Dec 26 13:18:24 2022
Mon Dec 26 13:18:24 2022 -> WARNING: Can't query current.cvd.clamav.net
Mon Dec 26 13:18:24 2022 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Mon Dec 26 13:18:24 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec 26 13:18:24 2022 -> WARNING: remote_cvdhead: Download failed (6)
Mon Dec 26 13:18:24 2022 -> WARNING:  Message: Couldn't resolve host name



this happens if no sudo user is currently signed in the system.
I have checked this page https://docs.clamav.net/faq/faq-troubleshoot.html

in my etc/resolv.conf I have no entries for clamav.


/etc/resolv.conf is not related to clamav, it's related to DNS resolution.

what are its permissions and what is its content?

Perhaps there's an issue with systemd or network-manager.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.


Re: [clamav-users] false positive

2022-12-23 Thread Matus UHLAR - fantomas

On Dec 23, 2022, at 03:26, newcomer01 via clamav-users wrote:
is there a way to submit a false positive "Phishing.Email.SpoofedDomain" so 
that an exception can be added?


On 23.12.22 05:28, Al Varnell via clamav-users wrote:

A good start would be to tell us what the domain in question is.


What those domains in question are. 
Phishing.Email.SpoofedDomain means there are two different domains in name 
and URL, IIRC. 
--

Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.


Re: [clamav-users] CDV file?

2022-12-15 Thread Matus UHLAR - fantomas

On 14.12.22 20:18, Armando P via clamav-users wrote:

  I have a NAS that uses Clamav as its antivirus software. I wanted to make
  sure that it is updated. It says it needs a *.cvd files, but I cannot find
  that. I have downloaded the zip file for windows 64 at clamav.net, but
  nothing with that extension is located there. Please help. Thank you.


which type of NAS is it?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.


Re: [clamav-users] Have anyone the current clamav-freshclam file from init.d Folder from Ubuntu

2022-12-07 Thread Matus UHLAR - fantomas

On 07.12.22 16:28, newcomer01 via clamav-users wrote:

Hey there, can everyone send me the current clamav-freshclam file from 
/etc/init.d/ source of Ubuntu 22.04.1?
By accident I have deleted mine and I cannot get it restored


env UCF_FORCE_CONFFMISS=true apt-get install --reinstall -o Dpkg::Options::=--force-confmiss clamav-freshclam

some parts may look redundant but this should reinstall config files in any 
case.




--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.


Re: [clamav-users] ClamAV on RHEL9 with FIPS enabled

2022-10-24 Thread Matus UHLAR - fantomas

Oct 24 12:07:45 rhel9test clamd[46661]: ERROR: Can't allocate memory


On 24.10.22 19:43, Arnaud Jacques wrote:

You do not have enough RAM.
Do you have, at least 8Gb ?


1 GB is not enough, 2GB should be enough to run clamav scanner.
reloading virus database in memory uses temporarily 2-times as much RAM.

with 3rd party virus signatures, you may need even more ram

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.


Re: [clamav-users] Does clamav use internet after the many downloading of begun of scan?

2022-10-24 Thread Matus UHLAR - fantomas

On 24.10.22 15:32, Dorian ROSSE via clamav-users wrote:

Does clamav use internet after the many downloading of begun of scan ?


freshclam uses internet to actualize virus database.

clamav does not access internet when scanning.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?


Re: [clamav-users] remove me

2022-09-12 Thread Matus UHLAR - fantomas

On 09.09.22 12:29, Marc wrote:

What about doing some sort of IQ test before users subscribe something like 
2+2=?



On Sep 9, 2022, at 12:40 PM, Matus UHLAR - fantomas  wrote:
making unsubscribe easier would spare us from solving problems like these.

unfortunately, subscribing is often easier than unsubscribing which is not 
good.


On 12.09.22 09:41, Joel Esler via clamav-users wrote:
Subscribing and unsubscribing is the same amount of steps, from the same 
webpage.  I don’t understand why people are able to join a technical 
command line driven antivirus client email list, but can’t remove 
themselves.


neither do I - I can only guess
- they forgot they subscribed once their problem was solved
- they inherited someone other's e-mail address
- their spam filter blocked unsubscribe confirmation request

however:

when I followed the bottom-most message, I've had to click two times, enter 
my e-mail and click "unsubscribe" again. That's too much especially for 2nd 
case


- putting information about "unsubscribe" in addition to "subscribe" to
https://docs.clamav.net/#mailing-lists-and-chat
and
https://www.clamav.net/contact.html#ml

- pointing to the latter link from e-mail 

- highlighting the info that unsubscription must be explicitly confirmed and 
that spam folder should be checked for confirmation e-mail if it doesn't 
arrive


they could make it easier to unsubscribe.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] clamav-users

2022-09-10 Thread Matus UHLAR - fantomas

unfortunately, subscribing is often easier than unsubscribing which is not
good.


On 10.09.22 15:35, Γιώργος Κωστόπουλος via clamav-users wrote:

At the bottom of the mail, there's  the related link:


have you even read my email?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.


Re: [clamav-users] remove me

2022-09-09 Thread Matus UHLAR - fantomas

perhaps it could contain better unsubscribe info, the top-down link:
https://docs.clamav.net/#mailing-lists-and-chat
does not contain unsubscribe


On 09.09.22 12:29, Marc wrote:

What about doing some sort of IQ test before users subscribe something like 
2+2=?


making unsubscribe easier would spare us from solving problems like these.

unfortunately, subscribing is often easier than unsubscribing which is not 
good.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.


Re: [clamav-users] remove me

2022-09-09 Thread Matus UHLAR - fantomas

On 08.09.22 20:40, Joel Esler via clamav-users wrote:

Check the bottom of every email sent to the list.


perhaps it could contain better unsubscribe info, the top-down link:
https://docs.clamav.net/#mailing-lists-and-chat
does not contain unsubscribe

- send mail from subscribed address to clamav-users-requ...@lists.clamav.net 
  with subject "unsubscribe"
or 
- enter subscribed address to the "Unsubscribe or edit options" dialog at 
  https://lists.clamav.net/mailman/listinfo/clamav-users


AND

- confirm the mail you'll get to that address
  verification is important so nobody can subscribe/unsubscribe address they 
  don't own




On Sep 8, 2022, at 14:16, Michael Piziak via clamav-users wrote:
remove me




clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete


Re: [clamav-users] Incremental updates and server memory

2022-09-08 Thread Matus UHLAR - fantomas

On 08.09.22 18:20, Andrew C Aitchison via clamav-users wrote:

The malware databases are updated with cdiffs, which means that the
whole database does not have to be re-downloaded with each update.

However, the running daemon has to re-read the whole database from
disk (temporarily doubling the memory requirement). Would it make
sense to be able to load the cdiff and avoid reloading from scratch ?


I guess the main point is that it must be implemented.

otherwise, yes, it makes perfect sense.  It would lower cpu and memory 
usage and speed up reload.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.


Re: [clamav-users] Clam AV on NAS/Personal Cloud Device?

2022-09-02 Thread Matus UHLAR - fantomas

On 01.09.22 10:49, tim.pennick--- via clamav-users wrote:

Grateful for any advice, and apologies in advance for the necessarily
detailed message below.
I recently purchased a Western Digital MyCloud Ex2 Ultra Personal Cloud/NAS
device.



 The firmware of this device includes an app store of installable
third party products including what they call Anti Virus Essentials.  This
turns out after some investigation to be Clam Anti Virus.



The device runs a flavour of Linux, and the configuration I chose has 6TB of
storage, which I have configured as a single volume.
Specifications from the WD website at
https://www.westerndigital.com/en-gb/products/network-attached-storage/wd-my-cloud-expert-series-ex2-ultra#WDBVBZ0060JCH-EESN say:
"Upgraded with the powerful Marvell ARMADA 385 1.3GHz dual-core processor,
you'll get ultra-fast transfer rates for high performance streaming. It also
comes with 1GB of DDR3 memory, so you can multitask with ease."


according to its specification:
https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/wd/product/nas/my_cloud/ex2_ultra/product-overview-my-cloud-expert-series-ex2-ultra.pdf

as this device only has 1GB of RAM, it is not enough to run clamav.
sorry.

there were multiple NAS devices shipped with clamav, however currently 
clamav itself requires about 1.3GB of RAM and you need OS too.


so I recommend you at least 2GB for occasional use, 4 and more for standard 
use with antivirus
(during database reload, clamav needs twice as much memory, unless you are 
willing to suspend any work while DB reload happens).


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.


Re: [clamav-users] Starting Clamd

2022-08-17 Thread Matus UHLAR - fantomas

On Wed, 17 Aug 2022, John wrote:

# clamconf -n
Checking configuration files in /usr/--sysconfdir=/etc/clamav/etc


On 17.08.22 19:06, G.W. Haywood via clamav-users wrote:

Ouch.  Did this clamconf binary come from a package??


of course not.
the OP stated he used self-built clamav and now uses debian packages:

https://lists.clamav.net/pipermail/clamav-users/2022-August/012865.html


obviously, this is not clamconf from a debian package.


John, remove all clamav files you have installed yourself.
If not else, you can remove or purge debian packages and clean all 
leftover files.

(you can use "cruft" package to detect those).

you seem to have mix of your and debian files, which causes you troubles.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.


Re: [clamav-users] Permanently banned from clamav

2022-07-02 Thread Matus UHLAR - fantomas

On 02.07.22 16:27, Calogero Di Legami via clamav-users wrote:

I tried to download them with chrome version 103, on a mac running Mac OS X
10.5.7 with latest security patches


so, neither freshclam, nor cvdupdate

this (downloading using chrome or other http clients) has caused problem to 
delivery network and was blocked:


https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html

Use freshclam or cvdupdate: https://github.com/Cisco-Talos/cvdupdate



On Sat, 2 Jul 2022, Calogero Di Legami via clamav-users wrote:
> Hi, i'm Calogero Di Legami, I'm 24 and I live in Italy My ISP is 
> Tiscali, a normal Italian ISP This morning when i tried to download 
> “daily.cvd”, cloudflare told me that i was permanently banned Why?



On Sat 2 Jul 2022, 15:52 G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

There has been widespread and serious abuse of the Content Delivery
Network, which forced the introduction of protection mechanisms.
Regular downloading of the entire daily database is not acceptable.
There are alternatives which cause much less network traffic.

Your problem *might* be because the IP address that you were using has
been seen to be abusive, or it might be because of the download method
which you were trying to use.

How were you trying to download the daily database?

The accepted method is to use the freshclam utility which was provided
with a fairly recent version of ClamAV.  The utility takes care to use
the minimum network bandwidth.  Not using freshclam, or using a version
which is too old, are both likely to cause problems.

More information:

https://blog.clamav.net/



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.


Re: [clamav-users] EXT :Re: Version .105

2022-06-29 Thread Matus UHLAR - fantomas

On 29.06.22 14:09, West, Hunter D [US] (ES) via clamav-users wrote:
I went to this link and downloaded the clamav-0.105.0.linux_x86_64 rpm, 
moved it to my linux machine and tried to install/update it and I 
received a bunch of dependency error messages.


unless you know you need the 0.105 version, I recommend you using the 
version provided by redhat/centos/almalinux/rockylinux/epel


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.


Re: [clamav-users] How to delete logs after scan

2022-05-24 Thread Matus UHLAR - fantomas

On 23.05.22 09:34, Al Varnell via clamav-users wrote:

Translation from Italian:



is it possible to clear the logs after each scan? If so, how?


this could be possible by rotating log and sending SIGHUP to clamd after 
each clamdscan done


alternative possibility is to use clamscan, but this requires about a minute 
for loading the virus database each time it's run.



On May 23, 2022, at 3:50 AM, Marco Cesareo  wrote:

Good morning,

is it possible to clear the logs after each scan? If so, how?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler


Re: [clamav-users] clamdscan versus clamscan detection

2022-03-31 Thread Matus UHLAR - fantomas

On 31.03.22 11:02, Petr Jurášek via clamav-users wrote:

https://www.mail-archive.com/clamav-users@lists.clamav.net/msg51769.html

It's the same situation. Vir is detected, but file is "clean", you 
can see it in summary.


On 31.03.22 12:18, Matus UHLAR - fantomas wrote:

looks like that. I completely missed it.



FYI
https://github.com/Cisco-Talos/clamav/issues/521


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] clamdscan versus clamscan detection

2022-03-31 Thread Matus UHLAR - fantomas

On 31.03.22 11:02, Petr Jurášek via clamav-users wrote:

https://www.mail-archive.com/clamav-users@lists.clamav.net/msg51769.html

It's the same situation. Vir is detected, but file is "clean", you can 
see it in summary.


looks like that. I completely missed it.

% clamscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: OK

Infected files: 0

% clamscan -z intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND

Infected files: 1

funny that -z option causes clamdscan to find the file in subsequent scans:

% clamdscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: OK

Infected files: 0

% clamdscan -z intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND

Infected files: 1

% clamdscan intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND

Infected files: 2




On 31. 03. 22 at 10:55 Matus UHLAR - fantomas wrote:
I have received a file that is not detected by clamdscan, but is by 
clamscan:


% clamdscan /home/uhlar/intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: OK

% clamscan /home/uhlar/intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: OK

file permissions seem not to be the problem (file is publicly readable)

This is debian 11 installation, I have regenerated clamd.conf via 
"dpkg-reconfigure clamav-daemon" and I can't find out which options 
to change to make clamdscan detect the file.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
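
The scan output quoted in this message shows a FOUND line followed by an OK line and a summary of "Infected files: 0", so a wrapper that trusts only the summary or the last per-file line records the file as clean. The following is an added example, not code from the thread or from the ClamAV project: it cross-checks the per-file lines against the summary. The function names are illustrative, and the sample inputs are the outputs quoted above.

```python
import re

# Per-file result lines and the summary line, as they appear in the thread.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
OK_RE = re.compile(r"^(?P<path>.+): OK$")
SUMMARY_RE = re.compile(r"^Infected files: (?P<count>\d+)$")


def audit_scan_output(text):
    """Cross-check the per-file lines of one scan run against its summary.

    Returns a dict with:
      detections - {path: [signature, ...]} for every path with a FOUND line
      reported   - the "Infected files:" number, or None if absent
      problems   - list of (kind, detail) tuples describing inconsistencies
    """
    detections = {}
    ok_paths = set()
    reported = None

    for raw in text.splitlines():
        line = raw.strip()
        found = FOUND_RE.match(line)
        if found:
            sigs = detections.setdefault(found["path"], [])
            if found["sig"] not in sigs:
                sigs.append(found["sig"])
            continue
        ok = OK_RE.match(line)
        if ok:
            ok_paths.add(ok["path"])
            continue
        summary = SUMMARY_RE.match(line)
        if summary:
            reported = int(summary["count"])

    problems = []
    # The same path reported both FOUND and OK in one run.
    for path in detections:
        if path in ok_paths:
            problems.append(("found-and-ok", path))
    # The summary disagrees with the number of distinct files that had a FOUND line.
    if reported is not None and reported != len(detections):
        kind = "summary-undercount" if reported < len(detections) else "summary-overcount"
        detail = f"summary says {reported}, FOUND lines name {len(detections)} file(s)"
        problems.append((kind, detail))

    return {"detections": detections, "reported": reported, "problems": problems}


def is_infected(text):
    """Conservative verdict: any FOUND line wins over a later OK or a zero summary."""
    return bool(audit_scan_output(text)["detections"])


# Outputs quoted in the thread.
CLAMSCAN_PLAIN = """\
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: OK

Infected files: 0
"""

CLAMSCAN_Z = """\
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND

Infected files: 1
"""

CLAMDSCAN_REPEAT = """\
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND

Infected files: 2
"""

if __name__ == "__main__":
    for name, sample in [("clamscan", CLAMSCAN_PLAIN),
                         ("clamscan -z", CLAMSCAN_Z),
                         ("clamdscan (third run)", CLAMDSCAN_REPEAT)]:
        result = audit_scan_output(sample)
        print(name, "infected:", is_infected(sample), "problems:", result["problems"])
```
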



[clamav-users] clamdscan versus clamscan detection

2022-03-31 Thread Matus UHLAR - fantomas

Hello,

I have received a file that is not detected by clamdscan, but is by 
clamscan:


% clamdscan /home/uhlar/intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: OK

% clamscan /home/uhlar/intamldeosreitlu.xls
/home/uhlar/intamldeosreitlu.xls: Doc.Downloader.Qbot03222-9942295-0 FOUND
/home/uhlar/intamldeosreitlu.xls: OK

file permissions seem not to be the problem (file is publicly readable)

This is debian 11 installation, I have regenerated clamd.conf via 
"dpkg-reconfigure clamav-daemon" and I can't find out which options to 
change to make clamdscan detect the file.


Does anyone have the idea?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.



Re: [clamav-users] allowlist/fixing false positive

2022-03-03 Thread Matus UHLAR - fantomas

On 01.03.22 17:15, Alex via clamav-users wrote:

I have a fedora34 system with clamd-0.103.5 and amavisd/SA/postfix. I
have a newsletter from ncua.gov that keeps getting blocked because it
apparently contains links.gd in the body somewhere, although I can't
find it.

How do I exclude this email from being tagged without having to bypass
the Heuristics.Phishing.Email.SpoofedDomain rule altogether?

X-Amavis-Alert: INFECTED, message contains virus:
   Heuristics.Phishing.Email.SpoofedDomain


I think this can be enabled by disabling PhishingScanURLs in clamd.conf.
I also think amavis has a way to handle this kind of clamav result 
differently, but that's a question for amavis, not for clamav.



Also, I keep deleting the main.cvd database but it keeps replacing it.
How do I configure clamav so it only updates one of the main database
types?

clamscan -v virus-20220228T143424-suCp6LTlKRG5
LibClamAV Warning: Detected duplicate databases
/var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually
remove one of them


do you have both of them? which one is older?
Don't you have old clamav(-freshclam) installation hanging somewhere?


LibClamAV info:   Real URL:https://lnks.gd
LibClamAV info:   Display URL: chairmanharpersfullremarksareavailableonncua.gov
/root/quarantine/virus-20220228T143424-suCp6LTlKRG5:
Heuristics.Phishing.Email.SpoofedDomain FOUND


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average.



Re: [clamav-users] reloading database problem

2022-02-23 Thread Matus UHLAR - fantomas

On Wed, 9 Feb 2022, Matus UHLAR - fantomas wrote:

I have clamav 0.103.5 installed on debian 11 and I'm getting too often
errors when reloading database.

looking back this problem started appearing on:

Mon May 10 11:51:15 2021 -> Database correctly reloaded (12721518 signatures)
Mon May 10 12:48:11 2021 -> ERROR: reload_th: Database load failed: Malformed database



this machine has 4G of RAM and some swap, clamd currently eats ~1.5 GB ...



I wonder if this problem may be caused by i386 architecture with 3GB limit ...
Does clamd reload signature database in the same process?



On 13.02.22 11:14, Matus UHLAR - fantomas wrote:

I have rebooted into 64-bit kernel, without changing any installed software.
looks like database updates work flawlessly since:

[...]


So the 3GB barrier applies to clamav (no wonder) when reloading signatures.
- unlike other SW, no new clamd instance after reload.


On 13.02.22 13:16, Matus UHLAR - fantomas wrote:

I just encountered the DB reload, watched it closely:

Sun Feb 13 12:46:13 2022 -> Reading databases from /var/lib/clamav
Sun Feb 13 12:46:50 2022 -> Database correctly reloaded (12732534 signatures)
Sun Feb 13 12:46:50 2022 -> Activating the newly loaded database...

meanwhile clamd usage doubled and crossed 3.350G
after 2-3 minutes it dropped back to 1.7G.

I'd invite clamd logging message about database successfully activated.

I'm enabling zswap again, hopefully this time it won't kill system 
performance.


notes after some time:

after moving to 64-bit OS with 4G available for 32-bit clamav swap issue 
became a bit better, swap usage was higher, but the system was not killed by 
continuously swapping when trying to reload the database (and failing).



I have removed the biggest database "securiteinfoold.hdb" that took about 
300MB on disk (IIRC, the size was close to main and daily)

- number of signatures lowered from 12733384 to 9148084
- RAM usage lowered from 1705796 virt/ 1.5G res to 1364984 virt / 1.2g res
  (TOP output)

I currently have 0.5G of swap used.

I will keep it running like this for some time and then fetch 
securiteinfoold.hdb and then see how many of mails it catches.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.



Re: [clamav-users] SSL issue

2022-02-18 Thread Matus UHLAR - fantomas

On 19.02.22 05:54, Eero Volotinen wrote:

well. your system cannot verify ssl connection certificate.

something wrong with your local ca/root certificates..


probably intercepting proxy or some kind of security firewall with ssl 
decryption. 


On Sat 19. Feb 2022 at 2.52, Eliya Voldman via clamav-users <
clamav-users@lists.clamav.net> wrote:

I'm trying to install 'cvdupdate' on my Windows 2012 R2 server but hit
this error.

Could someone help?

---



C:\Python38\Scripts>pip3.exe install cvdupdate

WARNING: pip is being invoked by an old script wrapper. This will fail in
a future version of pip.

Please see https://github.com/pypa/pip/issues/5599 for advice on fixing
the underlying issue.

To avoid this problem you can invoke Python with '-m pip' instead of
running pip directly.

WARNING: Ignoring invalid distribution -p (c:\python38\lib\site-packages)

WARNING: Ignoring invalid distribution -ip (c:\python38\lib\site-packages)

WARNING: Ignoring invalid distribution - (c:\python38\lib\site-packages)

WARNING: Ignoring invalid distribution -p (c:\python38\lib\site-packages)

WARNING: Ignoring invalid distribution -ip (c:\python38\lib\site-packages)

WARNING: Ignoring invalid distribution - (c:\python38\lib\site-packages)

WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1108)'))': /simple/cvdupdate/



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.



Re: [clamav-users] reloading database problem

2022-02-13 Thread Matus UHLAR - fantomas

On 13.02.22 11:14, Matus UHLAR - fantomas wrote:

On Wed, 9 Feb 2022, Matus UHLAR - fantomas wrote:

I have clamav 0.103.5 installed on debian 11 and I'm getting too often
errors when reloading database.

looking back this problem started appearing on:

Mon May 10 11:51:15 2021 -> Database correctly reloaded (12721518 signatures)
Mon May 10 12:48:11 2021 -> ERROR: reload_th: Database load failed: Malformed database



this machine has 4G of RAM and some swap, clamd currently eats ~1.5 GB ...



I wonder if this problem may be caused by i386 architecture with 3GB limit ...
Does clamd reload signature database in the same process?



I have rebooted into 64-bit kernel, without changing any installed software.
looks like database updates work flawlessly since:

[...]


So the 3GB barrier applies to clamav (no wonder) when reloading signatures.
- unlike other SW, no new clamd instance after reload.


I just encountered the DB reload, watched it closely:

Sun Feb 13 12:46:13 2022 -> Reading databases from /var/lib/clamav
Sun Feb 13 12:46:50 2022 -> Database correctly reloaded (12732534 signatures)
Sun Feb 13 12:46:50 2022 -> Activating the newly loaded database...

meanwhile clamd usage doubled and crossed 3.350G
after 2-3 minutes it dropped back to 1.7G.

I'd invite clamd logging message about database successfully activated.

I'm enabling zswap again, hopefully this time it won't kill system 
performance.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse



Re: [clamav-users] reloading database problem

2022-02-13 Thread Matus UHLAR - fantomas

On Wed, 9 Feb 2022, Matus UHLAR - fantomas wrote:

I have clamav 0.103.5 installed on debian 11 and I'm getting too often
errors when reloading database.

looking back this problem started appearing on:

Mon May 10 11:51:15 2021 -> Database correctly reloaded (12721518 signatures)
Mon May 10 12:48:11 2021 -> ERROR: reload_th: Database load failed: Malformed database

[...]

this machine has 4G of RAM and some swap, clamd currently eats ~1.5 GB ...



I wonder if this problem may be caused by i386 architecture with 3GB limit ...
Does clamd reload signature database in the same process?



On 09.02.22 09:44, G.W. Haywood via clamav-users wrote:

It's a very long time since I ran ClamAV on i386 so I've no experience
to offer.  If your suspicion is correct it might be a problem specific
to the machine:

https://en.wikipedia.org/wiki/3_GB_barrier


On 10.02.22 09:58, Matus UHLAR - fantomas wrote:

yes, this is what I'm guessing.
I'm just curious if someone can confirm this or I have to try.
so far I was lazy to convert this machine (or at least part of it) to 
64-bit. 64-bit kernel should help to move the barrier to 4G.


I have rebooted into 64-bit kernel, without changing any installed software.
looks like database updates work flawlessly since:

Fri Feb 11 19:52:38 2022 -> SelfCheck: Database modification detected. Forcing reload.
Fri Feb 11 19:53:03 2022 -> ERROR: reload_th: Database load failed: Can't allocate memory
Fri Feb 11 19:53:04 2022 -> WARNING: Database reload failed, keeping the previous instance
Fri Feb 11 20:42:57 2022 -> +++ Started at Fri Feb 11 20:42:57 2022
Fri Feb 11 20:42:57 2022 -> Not loading PUA signatures.
Fri Feb 11 20:43:28 2022 -> Loaded 12726414 signatures.
Fri Feb 11 20:49:16 2022 -> Database correctly reloaded (12726430 signatures)
Fri Feb 11 20:49:16 2022 -> Activating the newly loaded database...
Fri Feb 11 21:54:23 2022 -> Database correctly reloaded (12726435 signatures)
Fri Feb 11 21:54:23 2022 -> Activating the newly loaded database...
Fri Feb 11 22:49:08 2022 -> SelfCheck: Database modification detected. Forcing reload.
Fri Feb 11 22:49:45 2022 -> Database correctly reloaded (12726434 signatures)
Fri Feb 11 22:49:45 2022 -> Activating the newly loaded database...

So the 3GB barrier applies to clamav (no wonder) when reloading signatures.
- unlike other SW, no new clamd instance after reload.


There's a configuration option to avoid the doubled memory usage on a
database reload, look in the configuration file for clamd for the
'ConcurrentDatabaseReload' directive.  Be aware of the issues, you
might not want to pause scanning during reloads.


I know of this feature, just wanted to avoid it.


even my swap usage is lower, which is a good thing. 

I'm going to activate zswap again.  Before this change, my machine was 
running quite slowly, apparently because of excessive swapping due to 
repeated attempts to reload signature.


I have learnt something...


What a lot of signatures!  I'm at around 8.8 million at the moment,
with about 45 additional third-party databases and yara rule sets.



On Thu, 10 Feb 2022, Matus UHLAR - fantomas wrote:
I think most of it comes from securiteinfo.com feed, which I have 
subscribed into. I have this machine for personal use.


it seems their signatures are the most commonly caught:

% zgrep -Fih FOUND `ls -1tr clamav.log*` | awk ...
   84 SecuriteInfo
   62 Porcupine
   32 Sanesecurity

[...]

(there may be duplicates so the real difference may be smaller)


On 10.02.22 09:38, G.W. Haywood via clamav-users wrote:

That's a bit odd.  You seem to be getting roughly twice the hits from
Porcupine that you get from Sanesecurity, and over here it's the other
way around although the difference is smaller.  We see about 50%-60%
more from Sanesecurity than from Porcupine, 85 and 55 respectively to
date in February.  In fact my Yara rules catch many more than that, I
wonder if they catch more of what Porcupine would have caught and your
SecuriteInfo sigs catch more of what Sanesecurity would have caught.


that's what I meant by duplicates.


I've looked into telling ClamAV to report all the matches it can find
instead of just the first, but actually doing that hasn't yet reached
the top of this 'in' tray.  I'll stop.  A fellow could go nuts.


this could eliminate many duplicates, which could help us quite a bit.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.



Re: [clamav-users] reloading database problem

2022-02-10 Thread Matus UHLAR - fantomas

On Wed, 9 Feb 2022, Matus UHLAR - fantomas wrote:


I have clamav 0.103.5 installed on debian 11 and I'm getting too often
errors when reloading database.

looking back this problem started appearing on:

Mon May 10 11:51:15 2021 -> Database correctly reloaded (12721518 signatures)
Mon May 10 12:48:11 2021 -> ERROR: reload_th: Database load failed: Malformed database
...


On 09.02.22 09:44, G.W. Haywood via clamav-users wrote:

What a lot of signatures!  I'm at around 8.8 million at the moment,
with about 45 additional third-party databases and yara rule sets.


I think most of it comes from securiteinfo.com feed, which I have 
subscribed into. I have this machine for personal use.


it seems their signatures are the most commonly caught:

% zgrep -Fih FOUND `ls -1tr clamav.log*` | awk '$8 == "(deleted):" {print $9;next} {print $8}' | cut -f1 -d. | sort | uniq -c|sort -nr
 84 SecuriteInfo
 62 Porcupine
 32 Sanesecurity
  2 PhishTank
  1 Bofhland

(there may be duplicates so the real difference may be smaller)
 

this machine has 4G of RAM and some swap, clamd currently eats ~1.5 GB ...


With 8.8M sigs on ARM7 64 bit with 4G RAM I'm using about 1.2GB of
resident memory and concurrent reloads give no trouble.  There were
some 'malformed' bleatings in the log back at the end of June - early
July, but I think that was a real database problem which was promptly
fixed.  Nothing at all since then.


I wonder if this problem may be caused by i386 architecture with 3GB limit ...
Does clamd reload signature database in the same process?


It's a very long time since I ran ClamAV on i386 so I've no experience
to offer.  If your suspicion is correct it might be a problem specific
to the machine:

https://en.wikipedia.org/wiki/3_GB_barrier


yes, this is what I'm guessing.
I'm just curious if someone can confirm this or I have to try.
so far I was lazy to convert this machine (or at least part of it) to 
64-bit. 64-bit kernel should help to move the barrier to 4G.



There's a configuration option to avoid the doubled memory usage on a
database reload, look in the configuration file for clamd for the
'ConcurrentDatabaseReload' directive.  Be aware of the issues, you
might not want to pause scanning during reloads.


I know of this feature, just wanted to avoid it.


is the "Malformed database" just incorrect error code for this case?


It's not impossible.  One of the most valuable lessons I learned early
in my career was not to put too much faith in the error messages given
by most computer software.  Sometimes I will recompile an executable
with a bunch extra error messages when I wonder if I understand what's
going on (the ClamAV error handling is generally pretty well organized
which makes that easy).  But if you stress things enough you're always
going to find corner cases.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!



[clamav-users] reloading database problem

2022-02-09 Thread Matus UHLAR - fantomas

Hello,

I have clamav 0.103.5 installed on debian 11 and I'm getting too often
errors when reloading database.

looking back this problem started appearing on:

Mon May 10 11:51:15 2021 -> Database correctly reloaded (12721518 signatures)
Mon May 10 12:48:11 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 12:48:13 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 13:22:53 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 13:22:55 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 13:55:26 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 13:55:28 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 14:54:47 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 14:54:49 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 15:52:53 2021 -> SelfCheck: Database modification detected. Forcing reload.
Mon May 10 15:53:56 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 15:53:58 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 17:47:55 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 17:47:57 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 20:47:48 2021 -> Database correctly reloaded (12708784 signatures)


Yesterday I checked all databases using:

clamscan -d "$file" /var/lib/clamav-unofficial-sigs/configs/scan-test.txt

... no error was produced.


this machine has 4G of RAM and some swap, clamd currently eats ~1.5 GB of RAM:

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 2169 clamav    20   0 1705796   1.5g   6380 S   0.0  39.5   0:33.83 clamd

I use multiple third-party signatures
- last added securiteinfo on 2020/05/04, no huge difference in sigcount

- clamav was upgraded from 0.102.4 to 0.103.2 on 2021-04-24
and this was last change before this happened:

-rw-r- 1 root   clamav 1395 May  4  2020 /etc/clamav-unofficial-sigs.conf
-rw-r--r-- 1 root   root   1873 Feb  8  2020 /etc/clamav/clamd.conf
-r--r--r-- 1 clamav adm 715 Apr 24  2021 /etc/clamav/freshclam.conf


I wonder if this problem may be caused by i386 architecture with 3GB limit
per process:

Does clamd reload signature database in the same process?
(many servers use fork themselves and load config to a new process, would
avoid this error)

is the "Malformed database" just incorrect error code for this case?



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
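
While reloads fail, the log in this post says clamd is "keeping the previous instance", which means it keeps scanning with the signature set from the last successful load. The following is an added example, not code from the thread or from the ClamAV project: it measures those stale windows and counts the failure reasons. The function names are illustrative, and the sample is the log excerpt from the post with the wrapped lines rejoined.

```python
import re
from collections import Counter
from datetime import datetime

# "Mon May 10 11:51:15 2021 -> message", the clamd log format shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) -> (?P<msg>.*)$")
FAIL_RE = re.compile(r"^ERROR: reload_th: Database load failed: (?P<reason>.+)$")
# A successful reload, or the initial load after a daemon restart.
GOOD_RE = re.compile(
    r"^(?:Database correctly reloaded \(\d+ signatures\)|Loaded \d+ signatures\.)$")


def parse_ts(ts):
    return datetime.strptime(ts, "%a %b %d %H:%M:%S %Y")


def stale_windows(log_text):
    """Return one record per run of consecutive reload failures.

    stale_since is the last successful load before the failures (or the
    first failure if the log holds no earlier success); recovered is the
    next successful load, or None if the log ends while still failing.
    """
    windows = []
    last_good = None
    current = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when = parse_ts(m["ts"])
        fail = FAIL_RE.match(m["msg"])
        if fail:
            if current is None:
                current = {"stale_since": last_good or when,
                           "first_failure": when,
                           "reasons": Counter(),
                           "recovered": None}
            current["reasons"][fail["reason"]] += 1
        elif GOOD_RE.match(m["msg"]):
            if current is not None:
                current["recovered"] = when
                windows.append(current)
                current = None
            last_good = when
    if current is not None:
        windows.append(current)
    return windows


def stale_seconds(window):
    """Seconds the daemon ran on the old signature set, or None if unrecovered."""
    if window["recovered"] is None:
        return None
    return int((window["recovered"] - window["stale_since"]).total_seconds())


# Log excerpt from the post, wrapped lines rejoined.
SAMPLE_LOG = """\
Mon May 10 11:51:15 2021 -> Database correctly reloaded (12721518 signatures)
Mon May 10 12:48:11 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 12:48:13 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 13:22:53 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 13:22:55 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 13:55:26 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 13:55:28 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 14:54:47 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 14:54:49 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 15:52:53 2021 -> SelfCheck: Database modification detected. Forcing reload.
Mon May 10 15:53:56 2021 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 10 15:53:58 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 17:47:55 2021 -> ERROR: reload_th: Database load failed: Can't allocate memory
Mon May 10 17:47:57 2021 -> WARNING: Database reload failed, keeping the previous instance
Mon May 10 20:47:48 2021 -> Database correctly reloaded (12708784 signatures)
"""

if __name__ == "__main__":
    for w in stale_windows(SAMPLE_LOG):
        print("stale since", w["stale_since"], "recovered", w["recovered"],
              "seconds", stale_seconds(w), "reasons", dict(w["reasons"]))
```
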



Re: [clamav-users] Locating clamav-milter to match v0.104.2

2022-02-08 Thread Matus UHLAR - fantomas

On Tuesday, February 8, 2022 12:38:02 PM EST Micah Snyder (micasnyd) via
clamav-users wrote:

HI Michael, Ged,

clamav-milter is indeed a part of the clamav project. As Ged notes, it
hasn't changed in many years - at least not since I started here over 4
years ago.

Unfortunately, the clamav-milter daemon is not included with the 0.104 DEB
and RPM packages we provide on clamav.net/downloads.  I would like to
include it in the future.

Ged's link to use the Fedora project's milter RPM sounds like a good option
to me.  And as he notes, since it is a standalone program and communicates
with ClamD over a socket interface that also hasn't changed in many years -
it should work just fine.


On 08.02.22 12:46, Scott Kitterman via clamav-users wrote:

The Debian packages provided by Debian do include the milter.  We're staying
on 0.103 for now, so we don't have 0.104 packages, but maybe you could update
your Debian packaging based on what we have currently and provide it.

I don't use the milter either, but we don't get much in the way of complaints
about it.


works like a charm FYI.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...



Re: [clamav-users] clamav milter + sendmail, sendmail not reporting reject

2022-02-08 Thread Matus UHLAR - fantomas

On 08.02.22 10:35, Marc wrote:

Normally when a client connection is reject by my sendmail server, the
client is notified of the Reject message and the client server is
generating a NDR.  This is listed in my log as [1]

however when I send a virus



what's the difference between "you" and a "client connection"?



Not much I hope, both are delivering to the same server but from my message
I have the logs and can see if I receive a bounce or not.  Now I switched
testing via a thunderbird client, I do have better reporting.


if by "you" you mean your mail client, then your mailserver rejects message
from your mail client. Your mail client should display error message when
sending mail, not create a bounce.


this looks like your sendmail DID reject mail from client.



I think you are maybe right, however this is not being reported and it gets
stuck in my delivering mail server.


so, you have two mail servers and the first sends message to another one
that rejects it?


Which I do not get because if I put
my own email address on the email blacklist, I am getting the delivery
error reported from the same server.


Now it's extremely hard to understand what you are talking about when you
report your mail server to reject message from your mail server.


This can not be related to that clamav reports 554 5.0.0 and my email
blacklist reports  550 5.7.4?


putting your mail address on any list won't help, you just create another
confusion.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges.



Re: [clamav-users] clamav milter + sendmail, sendmail not reporting reject

2022-02-08 Thread Matus UHLAR - fantomas

On 07.02.22 21:36, Marc wrote:

Normally when a client connection is reject by my sendmail server, the
client is notified of the Reject message and the client server is
generating a NDR.  This is listed in my log as [1]



however when I send a virus


what's the difference between "you" and a "client connection"?


it looks like sendmail is not reporting the reject back to the
client server.  How should I 'enable' this?
[1]
x sendmail[3880]: 217LNkNB003880: ruleset=check_rcpt, 
arg1=, relay=hosting.unibit.bg [194.141.8.30], reject=550 
5.7.1 < .x...@x.xxx>... Relaying denied

[2]
Feb  7 22:24:18 x clamav-milter[27526]: Message from  to 
 infected by Eicar-Signature
Feb  7 22:24:18 x sendmail[27607]: 217LOGRO027607: Milter insert (1): 
header: X-Virus-Scanned: clamav-milter 0.103.5 at x
Feb  7 22:24:18 x sendmail[27607]: 217LOGRO027607: Milter insert (1): 
header: X-Virus-Status: Infected (Eicar-Signature)
Feb  7 22:24:18 x sendmail[27607]: 217LOGRO027607: Milter: data, reject=554 
5.7.1 Command rejected
Feb  7 22:24:18 x sendmail[27607]: 217LOGRO027607: 
to=, delay=00:00:00, pri=31328, stat=Command rejected


this looks like your sendmail DID reject mail from client.

btw. I set up my server to give information about virus rejection:

clamav-milter.conf:
...
RejectMsg Clamav detected %v

Jan 31 03:45:56 fantomas sm-mta[2056]: 20V2jeaN002056: Milter: data, reject=550 
5.7.1 Clamav detected Sanesecurity.Malware.21241.ZipHeur.UNOFFICIAL
Jan 31 03:45:56 fantomas sm-mta[2056]: 20V2jeaN002056: to=, 
delay=00:00:08, pri=616456, stat=Clamav detected 
Sanesecurity.Malware.21241.ZipHeur.UNOFFICIAL


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...



Re: [clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

2022-01-17 Thread Matus UHLAR - fantomas

On 17/01/2022 15:26, Andrew C Aitchison wrote:


On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:




On 17/01/2022 14:33, Andrew C Aitchison wrote:
Not quite. I have taken over the packaging of this and the 
justification of packaging the sigs is partly that the tool will 
work and scan out of the box, partly for the offline consideration 
and partly because there will be a delay after installation where 
ClamAV is installed but not in a running condition. IIRC it won't 
even start without a database. This means that a yum install will 
need to pause and run freshclam before it can attempt to start 
clamd.


This has knock-on issues and, apparently, it is always best for 
yum to download what it needs with yum and not some third party 
tool.


Last time I looked at the .spec file the signatures were marked
%config(noreplace)
Does that avoid the yum issues ?

I can see the sense in running
freshclam --datadir=...
(or cvdupdate) in the
%prep or %build section of clamav.spec
rather than in the %post.

Or even have two sub-packages clamav-db-large and clamav-db-small
both providing clamav-db ? -large has the files and -small has the 
%post script.


On 17.01.22 16:30, Nick Howitt via clamav-users wrote:
I give up. This is like pushing water up hill. There is no sensible 
way of building the packages in one pass which allows me to package 
the sigs automatically. It looks like Cisco will block you if you try 
to download anything and fighting Cisco or trying to get them to 
change is a total waste of effort.


cisco does that because of multiple times explained reason.
you are supposed to download with freshclam or use cvdupdate.
that's the only optimisation cisco gives us. all other used to overload the
mirrors.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.



Re: [clamav-users] help with my system please hybrid os does not update signatures

2022-01-16 Thread Matus UHLAR - fantomas

On 16.01.22 15:38, colin course via clamav-users wrote:

yes sorry ged i realized i posted the wrong bit but it was too late



Thu Jan  6 11:26:38 2022 -> WARNING: remote_cvdhead: Download failed (6)
Thu Jan  6 11:26:38 2022 -> WARNING:  Message: Couldn't resolve host name


this looks like DNS problem.
does this error appear all the time?


Thu Jan  6 11:26:38 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Thu Jan  6 11:26:38 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Jan  6 11:26:38 2022 -> Trying again in 5 secs...
Thu Jan  6 11:26:43 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Thu Jan  6 11:26:43 2022 -> ERROR: remote_cvdhead: Download failed (6)
Thu Jan  6 11:26:43 2022 -> ERROR:  Message: Couldn't resolve host name
Thu Jan  6 11:26:43 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Thu Jan  6 11:26:43 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.



Re: [clamav-users] using older clients to download from internal clam proxy

2021-12-03 Thread Matus UHLAR - fantomas

On 02.12.21 18:31, novpenguincne via clamav-users wrote:

OK. It might be difficult to get the new client to run on the old o/s but I'll 
see what I can do.


hopefully  older client should be able to connect to newer clamav server on
different machine via network.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you.



Re: [clamav-users] Clamscan reboots the system

2021-10-21 Thread Matus UHLAR - fantomas

or do something else which limits RAM use to well within what you have.


On 21.10.21 12:50, Mehmood, Tariq wrote:

Thanks for this pointer. Memory hogging by clamscan was causing the
unstable behavior. I have put a limit on the clamscan process for RAM
usage by using cgroup and I am able to run clamscan by creating a swap
file and limiting RAM. The only downfall of this approach is the time taken
by clamscan which is acceptable for now.


Of course - there are so many virus signatures that they do not fit into
memory.
get computer with more memory, or maybe other antivirus sw (I really don't
know if any fits into memory).



From: clamav-users  on behalf of G.W. Haywood 
via clamav-users 
Sent: Thursday, October 21, 2021 3:01 AM
To: ClamAV users ML
Cc: G.W. Haywood
Subject: Re: [clamav-users] Clamscan reboots the system

Hi there,

On Wed, 20 Oct 2021, Mehmood, Tariq wrote:


I am running clamscan on imx6q sabresd board which has 1GB of RAM.


Even if you only use the 'official' databases, that's not enough RAM.
The minimum recommended is 2GB, see

https://docs.clamav.net/


A few months back, I got an OOM killer while running clamscan which
killed the clamscan process. So, as a workaround, I introduced a
swap of 2GB which worked and fixed the OOM killer issue.


It's a sticking plaster, not a fix.  A fix is to have enough RAM.


But, now if I create a swap file of 2GB and run clamscan, the board
reboots sometimes, and sometimes the scan is successful. RAM usage
is quite high and at times only 5MB of it is left free while running
clamscan and swap usage goes as high as 500MB.


Running with as little as 5MB free is asking for trouble.  Get more RAM
for the device, or use another device (with more RAM) for the scanner,
or do something else which limits RAM use to well within what you have.


My concern is the random rebooting of the board. Why running
clamscan is rebooting the board?


Nothing in the ClamAV suite will deliberately reboot a system, but it
is very common to see things crash when memory is tight.  Part of the
reason is that a lot of software is never tested for its behaviour
with very low memory availability.  Perhaps something is crashing the
system when it runs out of memory, and the board is set up to reboot
after a crash?


Why swap file is no more effective? I mean, Introducing a swap file
could cause performance degradation, but a reboot shouldn't occur in
any case!


In an ideal world a reboot shouldn't occur.  But that world isn't ours.


Is clamscan supposed to work by introducing swap in low-memory systems?


It certainly isn't recommended, and I doubt it's been well tested, but
the problem might not be with clamscan at all.  It might be something
else entirely which is causing the problem - you just happen to notice
it when there's a low memory condition caused by running a scan.


What might be causing the board to reboot in this case and how it
can be fixed?


See above.

What is it that you want ClamAV to do for you, and why?

--

73,
Ged.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]



Re: [clamav-users] QNAP Antivirus Updates

2021-09-21 Thread Matus UHLAR - fantomas

On Mon, 20 Sep 2021 17:17:34 +
"Joel Esler (jesler)"  wrote:


> On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users wrote:
>
> These two IPs are Anycast addresses, and have been unchanged for well over 2 years. (Anycast addresses don't have to change even if the physical servers change, that's their point!) They are:
>
>  104.16.218.84
>  104.16.219.84

That’s what they are for you.  Cloudflare routes you to the closest pop to your network.  Your mileage may vary


On 20.09.21 20:16, Paul Kosinski via clamav-users wrote:

I thought the IP addresses, being Anycast, were what are routed to the closest 
POP.


how's this different from what Joel said?


No matter, when I resolve "database.clamav.net" via various DNS servers,
using TCP to bypass the default local DNS server (as our firewall blocks
outbound UDP port 53 otherwise), I always get these same two IP addresses
as results (see below)


yes, because those two IPs are anycast... they are routed to the nearest POP.


Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and
likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that
the Authoritative server and the public (Anycast) servers could
conceivably be distributing different IP addresses depending on who is
querying.  (BIND/named has become incredibly complicated these days.) But
since the two IP addresses are themselves Anycast, what would be the
point?


the point is, not to provide different IPs via anycast DNS but to provide
anycast IPs via any DNS.


In any case, does anyone, anywhere, get IP addresses other than

 104.16.218.84
 104.16.219.84

when resolving "database.clamav.net"?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.



Re: [clamav-users] Why does clamonacc says /var/www does not exist (among other things)?

2021-09-10 Thread Matus UHLAR - fantomas

On 09.09.21 16:53, dee heffemm via clamav-users wrote:

We use autofs to mount some shared directories under www for the webserver
and after disabling autofs, the error has gone away.


due to how clamonaccess works, it is not compatible with autofs.

you'll have to use static mounts, or different way of using clamav, e.g.
clamav module for file uploads/downloads, or simply mount a directory and
run clam(d)scan over it.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]



Re: [clamav-users] clamscan information

2021-09-10 Thread Matus UHLAR - fantomas

On 02.09.21 15:45, Karakanovski, Anton via clamav-users wrote:

I am writing regarding more information related to usage of clamscan.
First I want to share the problem/observation that we have - currently we
try to make three scans at a same time (some kind of performance test
using jmeter) but unfortunately only the first scan is successful and the
rests are with code 2 instead of 0.


how much of memory do you have? clamscan can take ~1.5GB


I found in clamAV documentation that clamscan is "one-time scanning" but
couldn't understand much.  Also try find some information in the archive
but actually with no result.
Can you please explain what is the actual limitation for clamscan and what
means "one-time scanning" - does it mean that only one scan engine could
be initiated at a time or only one file could be scan?


it means that clamscan loads virus database, scans file/files and exits.
It can scan multiple files or directories, one after another and then it
exits.

for each clamscan run, it needs to load virus database again, which can be
most CPU expensive operation.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]



Re: [clamav-users] Failed to download daily

2021-09-10 Thread Matus UHLAR - fantomas

On 09.09.21 18:10, Scattone, Russell via clamav-users wrote:

I keep getting this message and really need the CVD's to install on an
isolated system and have been doing it this way because there is no copy
of CVD's on the other systems that are updating.

2021-09-09 11:52:49 cvdupdate-0.2.0 WARNING Failed to download daily-26271.cdiff
2021-09-09 11:52:49 cvdupdate-0.2.0 WARNING Download request rejected because we've downloaded the same file too frequently.
2021-09-09 11:52:49 cvdupdate-0.2.0 WARNING We won't try daily.cvd again for 12:00:00 hours.

I know for our company there are several systems downloading the files
daily.  Do I need to set up one system to for all of our systems to get
the updates from?


yes, this is the (main) reason cvdupdate was created.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.



Re: [clamav-users] Upgrade CLAMAV

2021-09-02 Thread Matus UHLAR - fantomas via clamav-users

On 02.09.21 11:53, OLCESE, Marcelo Oscar.- wrote:

Good morning dear !!


who do you call dear? ;-)


I updated a Debian 10 to 11 and I get the CLAMAV error ... see the one in
bold and with bigger font.




   WARNING: Your ClamAV installation is OUTDATED!

   WARNING: Local version: 0.103.2 Recommended version: 0.103.3


Hopefully debian will update clamav version soon but there's not big
difference and everything works as supposed.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.



Re: [clamav-users] Please unsubscribe me from all emails only

2021-08-31 Thread Matus UHLAR - fantomas

On 30.08.21 12:47, G.W. Haywood via clamav-users wrote:

To: ClamAV users ML 
List-Id: ClamAV users ML 
List-Unsubscribe: <https://lists.clamav.net/mailman/options/clamav-users>,
<mailto:clamav-users-requ...@lists.clamav.net?subject=unsubscribe>




Hi there,

On Mon, 30 Aug 2021, Lou Simonis wrote:


...


To unsubscribe, please see the headers of any list email sent to you.


particularly the ones I've quoted above.

Note that the unsubscription must be confirmed, mail will be sent to your
address and it's quite possible that the notification will fall into spam
folder.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete



Re: [clamav-users] Regarding Clam AV latest Signature on Ubuntu 18.04 OS

2021-08-24 Thread Matus UHLAR - fantomas

On 24.08.21 10:35, Amey Lele via clamav-users wrote:

Thanks for appreciating my English :) ! I am from India(Asia).

Please check the attached screenshots for more details.


instead of screenshot we prefer pasting output text - to the mail if short,
to pastebin or similar site and posting link if it's long.


On the ClamAV web
console it is showing a message as "An update is available", however in
logs it is showing the signature updated on 23rd Aug.(OS is Ubuntu 18.04).
Please confirm that the signature is properly updated, we just need
confirmation as we are not sure about signature update.


there is newer version of clamav available, but since it's 0.103.3 instead
of 0.103.2, it's no big deal - 0.103.2 is safe to use.

ubuntu 18.04 is LTS and going to be supported for a few years, which
includes uploading newer clamav versions if they are needed.

you can see current status on:
packages.ubuntu.com/clamav
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges.



Re: [clamav-users] database updates blocked

2021-08-17 Thread Matus UHLAR - fantomas

On 17.08.21 17:54, Eero Volotinen wrote:

https://stackoverflow.com/questions/42982143/python-requests-how-to-use-system-ca-certificates-debian-ubuntu


just want to add that in debian 9/10 python-certifi is fine for python2, or
python3-certifi for python3 in debian 9 to 11

(the article is over 4 years old which is before debian 9 came out)


On Tue, Aug 17, 2021 at 5:50 PM Joel Esler (jesler) via clamav-users <
clamav-users@lists.clamav.net> wrote:

Yes this, isn’t the server blocking you.  You have a problem with your
local CA store.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease



Re: [clamav-users] Long Term Support (LTS) program proposal

2021-07-31 Thread Matus UHLAR - fantomas

On 30.07.21 14:38, Paul Kosinski via clamav-users wrote:

Recently, the bandwidth hogging episodes have resulted in rapid changes to
ClamAV versions, followed by EOL of versions that many people (not
including me) were still using.  So recently I have had to spend far more
time on updating ClamAV than updating anything else I use.  And since I
can't count on Debian (or even update-happy OpenSUSE) keeping up with
these (now rapid) changes, I have always built ClamAV from source, ever
since I started using it 16+ years ago.


can't count on Debian?

i think clamav and spamassassin were the main reasons the volatile (now
updates) archive was created and maintainers are trying to get active clamav
into debian.

Yes, LTS debian has 0.102.4 and not 0.103, but it still works, doesn't it?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.



Re: [clamav-users] Freshclam - can't apply latest patch 26246

2021-07-29 Thread Matus UHLAR - fantomas

On 29.07.21 09:20, Asenova, Elia via clamav-users wrote:

Thanks for the replies.  Yes, deleting daily.cld fixed the problem.  My
concern is that I'm building a docker image with clamav inside it and I
have to delete daily.cld on every new build if I want freshclam to work
correctly the first time. 


if you do that often, this behaviour can get you blocked.
maybe running local mirror outside of a docker?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton



Re: [clamav-users] can not download updates

2021-07-28 Thread Matus UHLAR - fantomas

On 27.07.21 16:37, fxkl47BF via clamav-users wrote:

> it made no difference
>
> Tue Jul 27 11:34:03 2021 -> Received signal: wake up
> Tue Jul 27 11:34:03 2021 -> ClamAV update process started at Tue Jul 27 11:34:03 2021
> Tue Jul 27 11:34:03 2021 -> WARNING: Your ClamAV installation is OUTDATED!
> Tue Jul 27 11:34:03 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.3
> Tue Jul 27 11:34:03 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> Tue Jul 27 11:34:03 2021 -> WARNING: Cool-down expired, ok to try again.
> Tue Jul 27 11:34:03 2021 -> daily database available for update (local version: 26231, remote version: 26245)
> Tue Jul 27 11:34:05 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> Tue Jul 27 11:34:05 2021 -> ERROR: downloadPatch: Can't apply patch
> Tue Jul 27 11:34:05 2021 -> WARNING: Incremental update failed, trying to download daily.cvd
> Tue Jul 27 11:34:06 2021 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
> Tue Jul 27 11:34:06 2021 -> WARNING: FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).



On Tuesday, July 27th, 2021 at 11:51 AM, Matus UHLAR - fantomas wrote:

you weren't unblocked by changing receivetimeout.
wait until you are unblocked (up to 24 hours) and then you should be able to
download the file.
what's your bandwidth? the receive can take longer than 5 minutes.


On 27.07.21 18:51, fxkl47BF via clamav-users wrote:

for many years it's worked fine with timeout set at 30 seconds


for many years it worked with people fetching via wget/curl, but it does not
apply now.


...changing timeout won't help you when you are banned, servers don't know
about your timeout settings (but will ban you if you repeatedly drop
connection because of timeout)

Your last info available was:

Tue Jul 27 11:34:07 2021 -> WARNING: You are on cool-down until after: 2021-07-27 15:34:07

hopefully it's OK now.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.



Re: [clamav-users] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!

2021-07-28 Thread Matus UHLAR - fantomas

On Tue, 27 Jul 2021 16:41:03 +0100
Mark Fortescue via clamav-users  wrote:

One quick answer to why people do not upgrade the OS is that the
hardware does not support the upgrade (mostly due to memory and x86_64).

I work with embedded systems where the code is very specific to the
hardware so new hardware is not an option.

For others it may just be the hassle of starting setting up a new OS and
fixing all the distribution bugs/annoyances that get installed with each
new OS all over again.


On 28.07.21 00:26, Paul Kosinski via clamav-users wrote:

In my case, I can't simply upgrade to the latest Debian (or any other
distro), as one of the systems is our home firewall and gateway -- with
iptables, multi-LAN routing (with local DNS), a bit of bridging, encrypted
tunnels to elsewhere, etc.  This means we would lose *all* Internet
connectivity for who knows how long if I tried an in-place upgrade.


a bit OT, but I upgrade debian servers for years in a short steps, combining

"apt-get upgrade" so only safe packages are upgraded
and manual upgrades a few at once via aptitude
(so packages with complicated dependencies at the end, e.g. perl)

with configuration differences (updatedb; locate -e .dpkg- .ucf-) handled
between those steps.

it takes a bit more time, but reduces outages.

Ubuntu can be handled similarly (however, even base ubuntu is uselessly
bloated and has bit more complicated dependencies).

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95



Re: [clamav-users] can not download updates

2021-07-27 Thread Matus UHLAR - fantomas

On Tuesday, July 27th, 2021 at 10:28 AM, Joel Esler (jesler) jes...@cisco.com wrote:
> Maybe try raising your receivetimeout? https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html



On Tuesday, July 27th, 2021 at 10:46 AM, fxkl47BF via clamav-users wrote:

i changed the receivetimeout to 300 as described in the article
i'll see what happens after the cool down ends


On 27.07.21 16:37, fxkl47BF via clamav-users wrote:

it made no difference

Tue Jul 27 11:34:03 2021 -> Received signal: wake up
Tue Jul 27 11:34:03 2021 -> ClamAV update process started at Tue Jul 27 11:34:03 2021
Tue Jul 27 11:34:03 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Jul 27 11:34:03 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.3
Tue Jul 27 11:34:03 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Jul 27 11:34:03 2021 -> WARNING: Cool-down expired, ok to try again.
Tue Jul 27 11:34:03 2021 -> daily database available for update (local version: 26231, remote version: 26245)
Tue Jul 27 11:34:05 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
Tue Jul 27 11:34:05 2021 -> ERROR: downloadPatch: Can't apply patch
Tue Jul 27 11:34:05 2021 -> WARNING: Incremental update failed, trying to download daily.cvd
Tue Jul 27 11:34:06 2021 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Tue Jul 27 11:34:06 2021 -> WARNING: FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).


you weren't unblocked by changing receivetimeout. 


wait until you are unblocked (up to 24 hours) and then you should be able to
download the file.

what's your bandwidth? the receive can take longer than 5 minutes.
How many machines in your network?
If more than one, creating local mirror should be better.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...



Re: [clamav-users] can not download updates

2021-07-27 Thread Matus UHLAR - fantomas

On 27.07.21 12:47, fxkl47BF via clamav-users wrote:
> for a couple of weeks i've not been able to download updates. i get a
> message about on a cool down until a certain future date and time. when
> that date and time expires the next update get a message with a new future
> date and time. should i abandon all hope of getting updates?



On Tuesday, July 27th, 2021 at 8:56 AM, Matus UHLAR - fantomas wrote:

it's described here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
do you have multiple devices behind one IP address?
Do any of those devices download clamav database differently than using
freshclam?


On 27.07.21 14:22, fxkl47BF via clamav-users wrote:

i have one device that uses freshclam once per hour
i am using a vpn


why are you using a VPN for downloading virus definitions?


it looks like anyone that uses a vpn is probably screwed


I wouldn't say so, depends on what VPN.


it was good while it lasted


yes, but people were abusing the service, that's why it got rate limited
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer



Re: [clamav-users] can not download updates

2021-07-27 Thread Matus UHLAR - fantomas

On 27.07.21 12:47, fxkl47BF via clamav-users wrote:

for a couple of weeks i've not been able to download updates.  i get a
message about on a cool down until a certain future date and time.  when
that date and time expires the next update get a message with a new future
date and time.  should i abandon all hope of getting updates?


it's described here:

https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html

do you have multiple devices behind one IP address?

Do any of those devices download clamav database differently than using
freshclam?



Tue Jul 27 06:17:14 2021 -> Received signal: wake up
Tue Jul 27 06:17:14 2021 -> ClamAV update process started at Tue Jul 27 06:17:14 2021
Tue Jul 27 06:17:14 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Jul 27 06:17:14 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.3
Tue Jul 27 06:17:14 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Jul 27 06:17:14 2021 -> WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).
Tue Jul 27 06:17:14 2021 -> This means that you have been rate limited by the CDN.
Tue Jul 27 06:17:14 2021 ->  1. Run FreshClam no more than once an hour to check for updates.
Tue Jul 27 06:17:14 2021 -> FreshClam should check DNS first to see if an update is needed.
Tue Jul 27 06:17:14 2021 ->  2. If you have more than 10 hosts on your network attempting to download,
Tue Jul 27 06:17:14 2021 -> it is recommended that you set up a private mirror on your network using
Tue Jul 27 06:17:14 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Tue Jul 27 06:17:14 2021 -> CDN and your own network.
Tue Jul 27 06:17:14 2021 ->  3. Please do not open a ticket asking for an exemption from the rate limit,
Tue Jul 27 06:17:14 2021 -> it will not be granted.
Tue Jul 27 06:17:14 2021 -> WARNING: You are still on cool-down until after: 2021-07-27 07:17:13

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
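
The freshclam failures quoted in the threads above (a DNS resolution error, a cdiff patch that cannot be applied, HTTP 429 from the CDN and the cool-down that follows) can be told apart mechanically from the update log. The Python script below is an added example, not part of any message on this list and not ClamAV code; the names `parse_records`, `triage` and `may_retry` are hypothetical, and the sample lines are taken from the logs quoted on this page with the archive's line wrapping kept.

```python
import re
from datetime import datetime

# Excerpts from the freshclam logs quoted in the messages above. The list
# archive's line wrapping and one pair of fused records are kept on purpose.
SAMPLE_LOG = """\
Thu Jan  6 11:26:43 2022 -> ERROR: remote_cvdhead: Download failed (6) Thu Jan  6
11:26:43 2022 -> ERROR:  Message: Couldn't resolve host name
Tue Jul 27 11:34:03 2021 -> ClamAV update process started at Tue Jul 27
11:34:03 2021
Tue Jul 27 11:34:03 2021 -> WARNING: Local version: 0.103.2 Recommended
version: 0.103.3
Tue Jul 27 11:34:03 2021 -> daily database available for update (local
version: 26231, remote version: 26245)
Tue Jul 27 11:34:05 2021 -> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END)
failed
Tue Jul 27 11:34:06 2021 -> WARNING: FreshClam received error code 429 from
the ClamAV Content Delivery Network (CDN).
Tue Jul 27 11:34:07 2021 -> WARNING: You are on cool-down until after:
2021-07-27 15:34:07
"""

# A record starts with a ctime-style stamp followed by "->". A stamp inside a
# message ("started at Tue Jul 27 ...") has no arrow and is not a boundary.
STAMP = re.compile(
    r"([A-Z][a-z]{2}\s+[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\d{4})\s+->\s+"
)

# Failure causes discussed in the threads, keyed by the text freshclam logs.
RULES = [
    ("dns_failure", re.compile(r"Couldn't resolve host name")),
    ("patch_failed", re.compile(r"cdiff_apply|Can't apply patch")),
    ("rate_limited", re.compile(r"error code 429")),
]
ENGINE = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
DB_LAG = re.compile(
    r"(\w+) database available for update "
    r"\(local version: (\d+), remote version: (\d+)\)"
)
COOLDOWN = re.compile(r"cool-down until after: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")


def parse_records(text):
    """Return [(timestamp, message)], undoing wrapped and fused log lines."""
    flat = " ".join(line.strip() for line in text.splitlines() if line.strip())
    marks = list(STAMP.finditer(flat))
    records = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(flat)
        stamp = " ".join(mark.group(1).split())  # "Jan  6" -> "Jan 6"
        when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        records.append((when, " ".join(flat[mark.end():end].split())))
    return records


def triage(text):
    """Summarise why updates failed and how stale the host is."""
    report = {"findings": [], "engine": None, "db_lag": {}, "cooldown_until": None}
    for _when, msg in parse_records(text):
        for name, rule in RULES:
            if rule.search(msg) and name not in report["findings"]:
                report["findings"].append(name)
        if (m := ENGINE.search(msg)):
            report["engine"] = m.groups()  # (local, recommended)
        if (m := DB_LAG.search(msg)):
            # Number of signature database revisions the host is behind.
            report["db_lag"][m.group(1)] = int(m.group(3)) - int(m.group(2))
        if (m := COOLDOWN.search(msg)):
            # The log line carries no timezone; the value is kept naive.
            report["cooldown_until"] = datetime.strptime(
                m.group(1), "%Y-%m-%d %H:%M:%S"
            )
    return report


def may_retry(report, now):
    """False while `now` is still inside the cool-down window from the log.

    `now` must be a naive datetime in the same timezone as the log line.
    """
    until = report["cooldown_until"]
    return until is None or now > until


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("findings:      ", ", ".join(summary["findings"]))
    print("engine:        ", summary["engine"])
    print("db revisions behind:", summary["db_lag"])
    print("cool-down until:", summary["cooldown_until"])
```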



Re: [clamav-users] Scanning PDF for phishing links

2021-07-27 Thread Matus UHLAR - fantomas

On 30.06.21 20:41, Joel Esler (jesler) via clamav-users wrote:

Yes. I was just addressing everyone



On Jul 1, 2021, at 8:25 AM, Matus UHLAR - fantomas  wrote:
I have used to forward spam to spamcop, maybe I should start again?

I'm thinking about phishtank (well, they refuse my seamonkey so...)

Are you just curious or is there something behind your questions?


On 01.07.21 14:07, Joel Esler (jesler) via clamav-users wrote:

Curious, as I said, ClamAV, SpamCop, and Phishtank are all ran by us.  They 
feed the same ecosystem.  Leveraging one to power the other is important.


I'd be glad to help here, however in addition to blocking SeaMonkey, user
registration is currently disabled...

so while I receive some phish, I can't report it much...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.



Re: [clamav-users] PORT CONECTION

2021-07-27 Thread Matus UHLAR - fantomas

On 26.07.21 18:41, Salamanca Spain via clamav-users wrote:

To receive updates from the official clamav servers, which outgoing port do
you recommend I enable to communicate from my server to the ClamAV update
server?


this should completely not matter.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901



Re: [clamav-users] ERROR: 'Version of curl is too low' from clamonacc 103.3 on centos 7.9

2021-07-22 Thread Matus UHLAR - fantomas via clamav-users

On 22.07.21 13:01, Andreas Meth via clamav-users wrote:

curl/libcurl version 7.78.0 (from city-fan.org.repo) is installed on the 
system, so it should run.


did you also install development packages for that curl version?


-Original Message-
From: Tuomo Soini 
Sent: Thursday, 22 July 2021 14:47
To: Andreas Meth via clamav-users 
Cc: Meth, Andreas, FCI 
Subject: Re: [clamav-users] ERROR: 'Version of curl is too low' from clamonacc 103.3 on centos 7.9

On Thu, 22 Jul 2021 11:39:22 +
Andreas Meth via clamav-users  wrote:


Hi all,

Running clamonacc (clamav 0.103.3 from epel) on Centos 7.9.2009 leads
to

"ERROR: Clamonacc: Version of curl is too low to use fdpassing"

According to the docs I need curl version >= 7.45. Installed curl/libcurl
version is 7.78.0

Any ideas on this issue?


EPEL7 version is rightly built against centos 7.9.2009 libcurl which is
7.29.0-59.el7_9.1 which is too old for using fdpassing. So you can't use the epel 
version of clamav if you need fdpassing with clamonacc.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.



Re: [clamav-users] Warning: No matches found for: clamav on CentOS Linux release 7.9.2009 (Core)

2021-07-19 Thread Matus UHLAR - fantomas

On 20.07.21 00:08, Kaushal Shriyan via clamav-users wrote:

I am unable to start clamd service on CentOS Linux release 7.9.2009 (Core).
Details are as follows.

#systemctl start clamd@server.service
Job for clamd@server.service failed because the control process exited with
error code. See "systemctl status clamd@server.service" and "journalctl
-xe" for details.



Jul 20 00:01:57 testdeveloperportal systemd: Starting clamd scanner (server) daemon...
Jul 20 00:01:57 testdeveloperportal clamd: ERROR: Can't open/parse the config file /etc/clamd.d/server.conf


Isn't
"Can't open/parse the config file /etc/clamd.d/server.conf"
explanatory enough?


# ls -l /etc/clamd.d/
total 68
-rw-r--r-- 1 root root 12110 Feb 27  2020 clamsmtp.conf
-rw-r--r-- 1 root root 26647 Jul 19 23:58 scan.conf
-rw-r--r-- 1 root root 26648 Jul 19 23:57 scan.conf.2021-07-19


it's not there...
I guess it's what "clamd.conf" is on other systems.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?



Re: [clamav-users] New installation 103.3; failing freshclam

2021-07-17 Thread Matus UHLAR - fantomas

On 17.07.21 09:57, Paul Rogers via clamav-users wrote:

Hi, I'm back again.  I was here last month, and got some help, but it
didn't resolve my issue.  I could see some legitimate questions, so I
decided I'd better go back and "get my ducks in a row".  (This is a
hand-made 32-bit version of LFS that has to run on some legacy hardware.)



Here's what freshclam now does:

[09:37 scripts]# cat ~/fresh.log
Sat Jul 17 09:25:51 2021 -> ClamAV update process started at Sat Jul 17 09:25:51 2021
Sat Jul 17 09:25:51 2021 -> daily database available for download (remote version: 26235)
Sat Jul 17 09:25:51 2021 -> ^Download failed (77)
Sat Jul 17 09:25:51 2021 -> ^ Message: Problem with the SSL CA cert (path? access rights?)


doesn't the message "Problem with the SSL CA cert (path? access rights?)"
ring a bell?

do you have CA certificates installed? 


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.



Re: [clamav-users] Qnap TS-259Pro+

2021-07-14 Thread Matus UHLAR - fantomas

On 13.07.21 19:47, Eero Volotinen wrote:

You probably need to buy newer version of qnap nas
or compile clamav from sources.


that apparently won't help - TS-259Pro+ seems to only have 1GB of RAM, where
clamav needs more (about 1.5GB on my machine)


On Tue 13. Jul 2021 at 19.41, Raymond Ng via clamav-users <
clamav-users@lists.clamav.net> wrote:

My Qnap NAS suddenly stopped updating virus signatures since March.
It has a manual update, but I can't find where to download the latest
signature file on the ClamAV home page.
Kindly direct me to where I could download the latest signature so I
could manually update the signature.
I've checked on the Qnap Community site that there is a new version of ClamAV
but it's not compatible with my model.



this was heavily discussed and explained here and in the QNAP forum too.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.



Re: [clamav-users] Scanning PDF for phishing links

2021-07-01 Thread Matus UHLAR - fantomas

On 30.06.21 20:41, Joel Esler (jesler) via clamav-users wrote:

Yes. I was just addressing everyone


I used to forward spam to spamcop, maybe I should start again?

I'm thinking about phishtank (well, they refuse my seamonkey so...)

Are you just curious or is there something behind your questions?


On Jun 30, 2021, at 00:35, Al Varnell via clamav-users
 wrote: If that question was addressed to
all on this list, then yes, I forward all spam to SpamCop and everything
suspected as a phish to phishtank (among others).  But it's low volume,
just from my wife's and my accounts.



On Jun 29, 2021, at 12:48, Joel Esler (jesler) via clamav-users 
 wrote:

How many of you are present members of either phishtank.com or
spamcop.net?  Both of which are run by Talos, and both of which feed the
same intel system that ClamAV can read from?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.



Re: [clamav-users] Limit memory usage of Clamd

2021-06-21 Thread Matus UHLAR - fantomas

On 21.06.21 08:00, Kosala Lakshitha De Silva via clamav-users wrote:

I have installed ClamAV in a container (runs on alpine). I also have a web
service running in the same container which is used to expose scanning to
the outside. I am using the clam daemon to do the scanning (via TCP socket).

When I run this setup, memory usage goes up to 1.5GB. If I only run the
web service (i.e. not initializing the clam daemon) it only takes about 350MB of
RAM.


I don't know how you measure it, but running clamscan took about the same
amount of memory as clamd now when I tried.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.



Re: [clamav-users] Help about Clamava on QNAP

2021-05-07 Thread Matus UHLAR - fantomas

On 06.05.21 12:19, Chellini Stefano via clamav-users wrote:

My QNAP NAS is EOL; it is a TS419-PII

Is there an option available to upgrade the antivirus on it?



On Thu, 6 May 2021, Matus UHLAR - fantomas wrote:

it should be installable through entware package, but as it only has 512MB
of RAM, it's largely useless there (may not work properly).


On 06.05.21 13:18, G.W. Haywood via clamav-users wrote:

QNAP devices have been mentioned several times on this list recently.

[...]

Do us all a favour and get rid of them.


easiest would be to say: Do not expose QNAP devices to the internet.

However, the main problem here is:

Old QNAP devices with <=1GB RAM won't run ClamAV, you can use them for
storage, but if you need virus scanning, do that externally.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.



Re: [clamav-users] Help about Clamava on QNAP

2021-05-06 Thread Matus UHLAR - fantomas

On 06.05.21 12:19, Chellini Stefano via clamav-users wrote:

My QNAP NAS is EOL; it is a TS419-PII

Is there an option available to upgrade the antivirus on it?


it should be installable through entware package, but as it only has 512MB
of RAM, it's largely useless there (may not work properly).


On 6 May 2021, at 12:15, Matus UHLAR - fantomas wrote:

On 06.05.21 11:52, Chellini Stefano via clamav-users wrote:

Hi, the automatic update doesn't work for a few times.
Till now, I downloaded the *.cvd files and imported them manually in the QNAP storage 
interface.
Now, the cvd files are not available for download.
Can you help me check whether it is possible to enable the automatic update, or 
make available the files that I can download?


seems that most QNAP appliances run a version of ClamAV older than 0.100 
(those versions are not supported).

Isn't your QNAP NAS eoled ?
https://www.qnap.com/en/product/eol.php

Also, many QNAP appliances have less than 1GB of RAM. ClamAV needs more (2GB
or more is recommended).


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
  One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them



Re: [clamav-users] Help about Clamava on QNAP

2021-05-06 Thread Matus UHLAR - fantomas

On 06.05.21 11:52, Chellini Stefano via clamav-users wrote:

Hi, the automatic update doesn't work for a few times.
Till now, I downloaded the *.cvd files and imported them manually in the QNAP storage 
interface.
Now, the cvd files are not available for download.
Can you help me check whether it is possible to enable the automatic update, or 
make available the files that I can download?


seems that most QNAP appliances run a version of ClamAV older than 0.100 
(those versions are not supported).


Isn't your QNAP NAS eoled ?
https://www.qnap.com/en/product/eol.php

Also, many QNAP appliances have less than 1GB of RAM. ClamAV needs more (2GB
or more is recommended).

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete



Re: [clamav-users] clamav incremental scan?

2021-05-05 Thread Matus UHLAR - fantomas

On 04.05.21 14:19, Michael Wang wrote:

It seems that this should be a common question, but I did not find a
definite answer via Google search. I saw solutions to only scan files in
the last 60 days,


what solution? Something related to "find ... -mtime"?


but it is not difficult for a virus file to change date,
isn't it?


if the above is true, "find ...  -ctime" should do what you want.  ctime is
updated every time you change something on the file, including the modification
time (and ctime of course)

Thus, it's not possible to date ctime back without direct access to the filesystem
(in which case your problem would be much bigger).


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
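
The mtime/ctime difference discussed in the message above, as an added example that is not part of the original post: a file is backdated with touch(1) and then looked up with both find tests. The function names and the demo tree are constructed for illustration; scan_recent assumes clamscan is installed.

```shell
#!/usr/bin/env bash
# Added example: compare mtime-based and ctime-based selection of files to scan.

# Files under $1 whose modification time is within the last $2 days.
recent_by_mtime() { find "$1" -type f -mtime "-$2" -print; }

# Files under $1 whose inode change time is within the last $2 days.
recent_by_ctime() { find "$1" -type f -ctime "-$2" -print; }

# Build a constructed test tree: one ordinary new file and one new file whose
# mtime has been set back to 2019. Prints the directory name.
make_demo_tree() {
    local dir
    dir=$(mktemp -d) || return 1
    echo "ordinary"  > "$dir/fresh.txt"
    echo "backdated" > "$dir/backdated.txt"
    # touch rewrites mtime, but the kernel stamps ctime with the current time.
    touch -t 201901010000 "$dir/backdated.txt"
    printf '%s\n' "$dir"
}

# Scan only what changed in the last $2 days according to ctime.
# --file-list reads one path per line, so file names containing newlines
# are not handled here.
scan_recent() {
    local list rc
    list=$(mktemp) || return 1
    recent_by_ctime "$1" "$2" > "$list"
    clamscan --no-summary --file-list="$list"
    rc=$?
    rm -f "$list"
    return "$rc"
}

# Run with --demo to print both views of the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_demo_tree)
    echo "mtime view (misses the backdated file):"; recent_by_mtime "$d" 1
    echo "ctime view (lists both files):";          recent_by_ctime "$d" 1
    rm -rf "$d"
fi
```

ctime also changes on chmod, chown and similar metadata updates, so a ctime-based list can contain files whose content did not change; that costs scan time but does not hide anything.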



Re: [clamav-users] Request for guidelines to connect freshclam to Squid proxy

2021-04-29 Thread Matus UHLAR - fantomas

On 29.04.21 11:05, Zvi Kave via clamav-users wrote:

  We would like to get a manual that describes how to configure freshclam
  and proxy to refresh the signature files through the proxy (squid) and not
  directly.


use freshclam options:

  HTTPProxyServer STR, HTTPProxyPort NUMBER


  Explanation:

  Our servers are behind a firewall.

  The freshclam is referred to different ClamAV mirror with different IP for
  each refresh.

  We wish to open only one IP in the firewall.

  We tried to set a proxy server outside the firewall and define freshclam
  on all the other servers apply to the proxy server.

  We did not succeed to configure clamAV and Squid to work together.

   1. Is there a better solution for this problem except  proxy server?


using local clamav mirror:

https://github.com/Cisco-Talos/cvdupdate


   2. Can you please send us manual or guidelines how to use this proxy ?



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901



Re: [clamav-users] Antivirus problem on QNAP NAS

2021-04-27 Thread Matus UHLAR - fantomas

On 26.04.21 22:49, Federico Dal Zotto via clamav-users wrote:

I own a QNAP TS-231 NAS


According to https://www.qnap.com/en/product/ts-231/specs/hardware

the TS-231 only has 512MB of RAM, while clamav needs >1GB.
AFAIK TS-231 can't be expanded with more RAM.

I'm afraid that ClamAV on your NAS is not useful.


firmware 4.3.6.1620

and since I bought it 2 years ago
I have never managed to do the automatic update
of ClamAV Antivirus,

only manually, by importing the new file
with the definitions.

I contacted QNAP technical support,
which told me to contact ClamAV because
the NAS is OK with no problems.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)



Re: [clamav-users] Error 429 when updating database

2021-04-26 Thread Matus UHLAR - fantomas

On Apr 8, 2021, at 2:26 PM, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
I don't think this is easily doable for devuan ascii.
(not many people want to backport manually)

Still, 102.4 should work properly, shouldn't it?


On 08.04.21 18:38, Joel Esler (jesler) via clamav-users wrote:

It does.  But 103.2 handles the downloads and interactions SO MUCH BETTER
(I’ve been watching the updates for 103.2’s FreshClam all morning, and
it’s working so much better.


FYI, 0.103.2 has landed in debian 10 this weekend.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete



Re: [clamav-users] Error 429 when updating database

2021-04-10 Thread Matus UHLAR - fantomas

On 10/04/2021 23:45, Matus UHLAR - fantomas wrote:

On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
[SNIP]

it could help if we provided proper reason to upgrade tho.


On 10.04.21 23:08, Gary R. Schmidt wrote:

Isn't, "It's security software", sufficient?


obviously not. There are still questions:
1.) what may break if we upgrade?
2.) what may break if we don't upgrade?
3.) why should we upgrade if nothing's broken and we risk 1.) ?

etc


On 10.04.21 23:54, Gary R. Schmidt wrote:

Hmm, must not be too worried, then.

The mob I work for's (enterprise) clients tend to send me queries 
every time an OpenSSL or other CVE comes out, "How long will it take 
to apply the fix?", "When will you have a new release ready?", "Does 
it affect the product(s)?", usually in that order.


And yes, we all know about the problem of, "How much other testing 
will have to be done?"


Debian and other distros usually fix security bugs by backporting the security fix
into the provided SW version.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.



Re: [clamav-users] SSN question

2021-04-10 Thread Matus UHLAR - fantomas

On Tue, 6 Apr 2021, Matus UHLAR - fantomas wrote:

I see that I can enable DLP by enabling

StructuredDataDetection true

which allows for scanning credit card numbers  and social security numbers
in US format.

Is there any possibility to enhance this by adding other formats?

in slovakia we have numbers in format XMDD/OPQR? ... i can scan 
these in spamassassin but perhaps enhancing clamav (and
therefore everything that uses clamav) could be useful.


On 07.04.21 00:17, G.W. Haywood via clamav-users wrote:

Perhaps this should go to the development list?  Or/and Bugzilla?


I don't feel like joining the devel list. I can fill out a bug report but first wanted
to discuss it here to see if it makes sense for others.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]



Re: [clamav-users] SSN question

2021-04-10 Thread Matus UHLAR - fantomas

On 06.04.21 15:51, eric-l...@truenet.com wrote:

I noticed no one emailed you back.


I usually give people time to think, so thank you for doing it.


I personally would just use a yara regex if needed, but I would definitely
test first with just yara to make sure there aren't too many false positives.

If you've never created a yara file, it's just really a regex.
Searching on Google, as there may be something already:
https://regexlib.com/UserPatterns.aspx?authorid=1c12ce3c-cb6a-43c3-8d86-4ea8777f4393


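/*** Slovak_ID.yar ***/
rule slovak_id_format
{
    strings:
        // YYMMDD/NNN or YYMMDD/NNNN; months 51-62 are accepted as well as 01-12.
        // The "/" inside the expression is escaped so it does not end the regex.
        $re1 = /([0-9]{2})(01|02|03|04|05|06|07|08|09|10|11|12|51|52|53|54|55|56|57|58|59|60|61|62)(([0]{1}[1-9]{1})|([1-2]{1}[0-9]{1})|([3]{1}[0-1]{1}))\/([0-9]{3,4})/
    condition:
        $re1
}
/**/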

No clue, but looks like the format of this one is different, as I would
expect either 19 or 20 to start, but this says 0-9 for both.


first two PIN digits are just the last two digits of birth year, so yes, any
combination is possible.

I tried optional space before/after the slash which made the RE even more
effective.



-Original Message-
From: clamav-users  On Behalf Of
Matus UHLAR - fantomas
Sent: Tuesday, April 6, 2021 12:03 PM
To: clamav-users@lists.clamav.net
Subject: [clamav-users] SSN question

Hello,

I see that I can enable DLP by enabling

StructuredDataDetection true

which allows for scanning credit card numbers  and social security numbers
in US format.

Is there any possibility to enhance this by adding other formats?

in slovakia we have numbers in format XMDD/OPQR?

... i can scan these in spamassassin but perhaps enhancing clamav (and
therefore everything that uses clamav) could be useful.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
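
A way to check the pattern from this message against sample text before loading it into a scanner, as an added example that is not part of the original posts. It uses the month ranges of the quoted rule and the optional space around the slash mentioned in the reply. Assumptions not stated in the thread: ten-digit numbers are required to be divisible by 11 and nine-digit numbers are accepted without a check; the function names and sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: extract Slovak birth-number candidates and drop implausible ones.

# YYMMDD, optional space around "/", then 3 or 4 digits. Months 01-12 or 51-62,
# the same ranges as the YARA rule quoted above.
RC_RE='[0-9]{2}(0[1-9]|1[0-2]|5[1-9]|6[0-2])(0[1-9]|[12][0-9]|3[01]) ?/ ?[0-9]{3,4}'

# Assumption (not stated in the thread): a ten-digit number must be divisible
# by 11; a nine-digit number carries no check digit and is accepted as is.
is_plausible_rc() {
    local digits n
    digits=$(printf '%s' "$1" | tr -cd '0-9')
    case ${#digits} in
        9)  return 0 ;;
        10) ;;
        *)  return 1 ;;
    esac
    # Strip leading zeros so the shell does not read the number as octal.
    n=$(printf '%s' "$digits" | sed 's/^0*//')
    [ $(( ${n:-0} % 11 )) -eq 0 ]
}

# Read text on stdin, print every candidate that passes the plausibility check.
# -w keeps the match from starting or ending inside a longer run of digits.
find_rc() {
    grep -oEw "$RC_RE" | while IFS= read -r cand; do
        if is_plausible_rc "$cand"; then
            printf '%s\n' "$cand"
        fi
    done
}

# Constructed sample input: two numbers that pass the check, one that fails it,
# one nine-digit number, and an order number that merely looks similar.
sample_text() {
cat <<'EOF'
born 850615/1225, typo 850615/1234
rc: 905512 / 1009
old record 460212/123
order 991231/4567
EOF
}

# Run with --demo to print the accepted candidates from the sample.
if [ "${1:-}" = "--demo" ]; then
    sample_text | find_rc
fi
```

The bare regex matches all five strings in the sample; the extra check is what removes the typo and the order number.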



Re: [clamav-users] Error 429 when updating database

2021-04-10 Thread Matus UHLAR - fantomas

On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
[SNIP]

it could help if we provided proper reason to upgrade tho.


On 10.04.21 23:08, Gary R. Schmidt wrote:

Isn't, "It's security software", sufficient?


obviously not. There are still questions:
1.) what may break if we upgrade?
2.) what may break if we don't upgrade?
3.) why should we upgrade if nothing's broken and we risk 1.) ?

etc
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.



Re: [clamav-users] Error 429 when updating database

2021-04-10 Thread Matus UHLAR - fantomas

On 08.04.21 16:23, Joel Esler (jesler) via clamav-users wrote:
Upgrade to 103.2.  The FreshClam there is much better and will resolve the 
issues.



On Thu, 8 Apr 2021 16:44:46 Matus UHLAR - fantomas wrote:
I don't think this is easily doable for devuan ascii.
(not many people want to backport manually)



On Sat, 10 Apr 2021, Marko Randjelovic wrote:

I have backported software many times. It usually needs much time,


needs or doesn't need?


though in concrete case I suppose not so much because you can install
dependencies with 'apt-get build-deps clamav'. Furthermore, then you
have to update it manually. On the other hand, I'm sure the packages
will be updated in Devuan, just with a relatively long delay. It's
always so with Debian clamav packages.


On 10.04.21 09:35, G.W. Haywood via clamav-users wrote:

Your choice.  I prefer (1) to be responsible for my own security, and
(2) to be considerate to people who provide me with a service for free
and also free advice about how to cause the least trouble for them.  I'm
running 0.103.2 on Debian Buster which was no trouble at all to build.

Debian Buster was released nearly two years ago; Devuan Ascii is based
on Debian Stretch, which was released two years earlier.  I can't see
that it makes sense deliberately to throw away two years' development
plus security fixes but I understand what drove the Devuan distraction
and briefly flirted with it myself.  The experience did not prove to
be so refreshing as I had hoped.


luckily debian people tend to update clamav quite soon, compared to common
packages.  However, functionality and backwards compatibility is the key
here, not just having current SW version.

There's already a bug filed:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622

it could help if we provided proper reason to upgrade tho.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...



Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Matus UHLAR - fantomas

On 08.04.21 16:37, marko...@eunet.rs wrote:
I use ClamAV on a Devuan ASCII (based on Debian Stretch) machine and
when try to update databases I get error 429 from server (logged in
/var/log/clamav/freshclam.log):



Thu Apr  8 14:23:32 2021 -> WARNING: downloadFile: Unexpected response (429) from https://database.clamav.net/daily.cvd



Is there a way to solve this?




On Thu, 8 Apr 2021 16:44:46 +0200
Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
code 429 means you make a problem:

https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html

are you behind NAT? do you use clamav on multiple machines?



On Apr 8, 2021, at 11:52 AM, Marko Randjelovic <marko...@eunet.rs> wrote:
After a long time I tried to scan a file but saw databases are very old
and update was not working. Then I deleted databases
from /var/lib/clamav thinking this will resolve problem. But obviously
I was wrong. And yes, I have another machine with clamav which is
behind the same NAT as the problematic machine.


one time freshclam download should not cause a problem.

...unless others know more :)


Now I just copied files from another machine and freshclam says
databases are up to date. I'll see after update become available if
freshclam will be able to download it.


this _should_ work. but the real quest is why the above didn't work.
If you cause a problem, another update may be refused...

again, more info may be available from others

good luck and watch the logs.

On 08.04.21 16:23, Joel Esler (jesler) via clamav-users wrote:

Advice, for literally anyone:

Upgrade to 103.2.  The FreshClam there is much better and will resolve the 
issues.


I don't think this is easily doable for devuan ascii.
(not many people want to backport manually)

Still, 102.4 should work properly, shouldn't it?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".



Re: [clamav-users] Error 429 when updating database

2021-04-08 Thread Matus UHLAR - fantomas

On 08.04.21 16:37, marko...@eunet.rs wrote:
I use ClamAV on a Devuan ASCII (based on Debian Stretch) machine and 
when try to update databases I get error 429 from server (logged in 
/var/log/clamav/freshclam.log):


Thu Apr  8 14:23:32 2021 -> ClamAV update process started at Thu Apr  8 14:23:32 2021
Thu Apr  8 14:23:32 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Thu Apr  8 14:23:32 2021 -> WARNING: Local version: 0.102.4 Recommended version: 0.103.2
Thu Apr  8 14:23:32 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Thu Apr  8 14:23:32 2021 -> daily database available for download (remote version: 26134)
Thu Apr  8 14:23:32 2021 -> WARNING: downloadFile: Unexpected response (429) from https://database.clamav.net/daily.cvd
Thu Apr  8 14:23:32 2021 -> WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Thu Apr  8 14:23:32 2021 -> Trying again in 5 secs...

Is there a way to solve this?


code 429 means you make a problem:

https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html

are you behind NAT? do you use clamav on multiple machines?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.



Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

2021-04-08 Thread Matus UHLAR - fantomas

On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via
clamav-users wrote:

> Are you still attempting to download safebrowsing.cvd?
>
>  It has come to our attention that a few of you (about 515,000 of you, to
>  be more accurate), are still attempting to download the safebrowsing.cvd
>  file from the official ClamAV mirrors.  This tells us that these
>  attempted downloads are an installation of FreshClam (a non-updated
>  FreshClam.conf or other script) that have not been updated to remove the
>  safebrowsing database.


On 07.04.21 21:04, Vladislav Kurz via clamav-users wrote:

These could be Debian users. The debian package offers to enable
safebrowsing.cvd, and there is no indication that it is discontinued. Perhaps,
if you talk to Debian Clamav maintainers, they could release an update that
disables this option without asking?


it's disabled by default, but yes, disabling it unconditionally would
be good

The question is, if the old safebrowsing.cld has to be removed if it exists.


Anyway I was one of those, and now disabling it everywhere...


+1
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!



[clamav-users] SSN question

2021-04-06 Thread Matus UHLAR - fantomas

Hello,

I see that I can enable DLP by enabling

StructuredDataDetection true

which allows for scanning credit card numbers and social security numbers
in US format.

Is there any possibility to enhance this by adding other formats?

in Slovakia we have numbers in format XMDD/OPQR? 


... I can scan these in spamassassin but perhaps enhancing clamav (and
therefore everything that uses clamav) could be useful.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.



Re: [clamav-users] clamscan suddenly taking 25 minutes for a single mail

2021-04-06 Thread Matus UHLAR - fantomas

On 06.04.21 08:43, Eddie via clamav-users wrote:
A POP3 proxy program I have running on a Debian 10.8 system uses 
clamscan to check incoming e-mails.  At some point in the very early 
morning (US West Coast time) it suddenly started taking a very long 
time to scan each mail, so much that the controlling process would 
time out before clamscan finished.  Up to this point it was running 
fine.


Running a test from the command line, on a very simple 1-line mail 
took around 25 minutes:


root@CleanMail:~# date ; clamscan test.msg -v  --no-summary ; date
Mon 05 Apr 2021 11:59:10 AM PDT
Scanning /root/test.msg
/root/test.msg: OK
Mon 05 Apr 2021 12:24:06 PM PDT
root@CleanMail:~#

Looking through the logs, I can't see anything happening in the period 
between the last good scan and the sloow ones.


Where should I be going next to track this down?


you should prefer clamdscan, which uses the running clamd to scan; this way
you skip virus DB initialization at each scan.

Note that the memory question is important. clamd uses >1GB RAM on my
machine. You need at least 2GB of RAM to scan in reasonable time.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.
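
The reply above recommends handing scans to the running clamd instead of starting clamscan per mail. As an added example (not code from this thread or from the ClamAV project), this is how a calling program such as the POP3 proxy can submit a message over clamd's socket with the INSTREAM command and fail closed on anything that is not a clean verdict. fake_clamd, demo_scan, the marker bytes and the signature name are constructed stand-ins so the block runs without a daemon.

```python
import socket
import struct
import threading

CHUNK = 8192  # bytes sent per INSTREAM chunk

def instream_scan(sock, data):
    """Scan bytes through a connected clamd socket; return (status, detail)."""
    sock.sendall(b"zINSTREAM\0")                 # 'z' prefix: NUL-terminated command
    for off in range(0, len(data), CHUNK):
        part = data[off:off + CHUNK]
        sock.sendall(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    sock.sendall(struct.pack("!I", 0))           # zero-length chunk ends the stream
    reply = b""
    while not reply.endswith(b"\0"):             # the reply is NUL-terminated too
        got = sock.recv(4096)
        if not got:
            break                                # daemon closed the connection
        reply += got
    text = reply.rstrip(b"\0").decode("utf-8", "replace")
    body = text.split(": ", 1)[-1]               # drop the leading "stream: "
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    return ("error", text)                       # size limit, empty reply: not clean

def fake_clamd(conn, marker=b"CONSTRUCTED-BAD-MARKER"):
    """Stand-in daemon, constructed for this example; reads the same framing."""
    with conn.makefile("rb") as stream:          # buffered reads of exact sizes
        assert stream.read(10) == b"zINSTREAM\0"
        body = b""
        while (n := struct.unpack("!I", stream.read(4))[0]):
            body += stream.read(n)
    hit = marker in body
    conn.sendall(b"stream: Constructed.Test.Sig FOUND\0" if hit else b"stream: OK\0")

def demo_scan(data):
    """Run instream_scan against fake_clamd over a socketpair (no clamd needed)."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_clamd, args=(server,))
    worker.start()
    try:
        return instream_scan(client, data)
    finally:
        client.close()
        worker.join()
        server.close()
```

Against a real daemon, pass instream_scan a socket connected to the LocalSocket path or TCPSocket port set in clamd.conf; the signature database is then loaded once by clamd rather than on every scan.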



Re: [clamav-users] Need help | Install clamav from source package

2021-03-28 Thread Matus UHLAR - fantomas

Quoting Andrew C Aitchison via clamav-users:


Could you take the latest OpenSuSE source package and build that ?


On 28.03.21 18:49, Arjen de Korte via clamav-users wrote:
Probably not. There have been quite some changes since 0.99 and I 
doubt SLE 12 SP2 will satisfy all of them. For instance, you'll need a 
newer libcurl than is available. This is not for the faint of heart 
and IMHO doesn't make sense for a system that is so close to being 
EOL'd.


I have already posted that it does seem to be available:

https://scc.suse.com/packages?name=SUSE Linux Enterprise 
Server=12.2=x86_64=clamav=

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.
